Remove default VPC via aws CLI
When you start a new account, Amazon creates a new VPC by default with 3 subnets, 1 security group, 1 ACL, and 1 internet gateway. I want to remove the VPC and its related default objects. I can do this through the console, but I want to achieve this through the aws cli and I am stuck.
When I try the following command:
aws ec2 delete-vpc --vpc-id $VpcId
The console returns a DependencyViolation error:
Client error (DependencyViolation) occurred while calling DeleteVpc operation: vpc 'vpc-13f53076' has dependencies and cannot be deleted.
So I tried to remove the dependencies, but that doesn't work for all of them!
- For the internet gateway, I got the same error:
Client error (DependencyViolation) occurred when calling DeleteInternetGateway operation: InternetGateway 'igw-d0f51bb5' has dependencies and cannot be deleted.
- For the default security group, I got the following error:
Client error (CannotDelete) occurred while calling DeleteSecurityGroup operation: specified group: "sg-acca7bc" name: "default" cannot be deleted by user
- For the default ACL, I got the following error:
Client error (InvalidParameterValue) occurred when calling DeleteNetworkAcl operation: Unable to delete default ACL ACL-d3ba77b6
This is a new account with nothing previously created except the default VPC created by Amazon. Any help or pointers in the right direction would be appreciated.
Try deleting it from the AWS Control Panel; it may give a more detailed error.
- FYI, you cannot remove the default security group.
- Disconnect the VPC before removing the Internet gateway
- Make sure there is no Elastic Network Interface (ENI) connected. You can see it under NetworkInterfaces in the EC2 left pane.
And why do you want to delete your default VPC?
I needed to go through and remove all default VPCs in all regions and wrote a script to do that. May save someone else some time. Requires aws cli and 'jq'.
#!/usr/bin/env bash
export REGIONS=$(aws ec2 describe-regions | jq -r ".Regions[].RegionName")
# First pass: show the default VPC found in each region
for region in $REGIONS; do
    # list vpcs
    echo $region
    aws --region=$region ec2 describe-vpcs | jq ".Vpcs[]|{is_default: .IsDefault, cidr: .CidrBlock, id: .VpcId} | select(.is_default)"
done
read -p "Are you sure? " -n 1 -r
echo # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]
then
    # Second pass: delete each default VPC after removing what it depends on
    for region in $REGIONS ; do
        echo "Killing $region"
        # list vpcs
        export IDs=$(aws --region=$region ec2 describe-vpcs | jq -r ".Vpcs[]|{is_default: .IsDefault, id: .VpcId} | select(.is_default) | .id")
        # unquoted so that each id is handled separately
        for id in $IDs ; do
            if [ -z "$id" ] ; then
                continue
            fi
            # kill igws (detach from the VPC first, then delete)
            for igw in $(aws --region=$region ec2 describe-internet-gateways | jq -r ".InternetGateways[] | {id: .InternetGatewayId, vpc: .Attachments[0].VpcId} | select(.vpc == \"$id\") | .id") ; do
                echo "Killing igw $region $id $igw"
                aws --region=$region ec2 detach-internet-gateway --internet-gateway-id=$igw --vpc-id=$id
                aws --region=$region ec2 delete-internet-gateway --internet-gateway-id=$igw
            done
            # kill subnets
            for sub in $(aws --region=$region ec2 describe-subnets | jq -r ".Subnets[] | {id: .SubnetId, vpc: .VpcId} | select(.vpc == \"$id\") | .id") ; do
                echo "Killing subnet $region $id $sub"
                aws --region=$region ec2 delete-subnet --subnet-id=$sub
            done
            # the VPC itself goes last
            echo "Killing vpc $region $id"
            aws --region=$region ec2 delete-vpc --vpc-id=$id
        done
    done
fi
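The dependency order from the answers above, as an added example that is not part of any of the posts: a Python dry-run planner that reads JSON in the shape of `aws ec2 describe-*` output and returns the commands in the order that avoids `DependencyViolation`, refusing to plan when a network interface is still in the VPC. The function name `plan_default_vpc_teardown`, the combined `SAMPLE` document and all IDs in it are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-*` output (all IDs are made up).
SAMPLE = json.loads("""
{
  "Vpcs": [{"VpcId": "vpc-0aaa", "IsDefault": true, "CidrBlock": "172.31.0.0/16"},
           {"VpcId": "vpc-0bbb", "IsDefault": false, "CidrBlock": "10.0.0.0/16"}],
  "InternetGateways": [{"InternetGatewayId": "igw-0aaa", "Attachments": [{"VpcId": "vpc-0aaa"}]},
                       {"InternetGatewayId": "igw-0bbb", "Attachments": []}],
  "Subnets": [{"SubnetId": "subnet-0a1", "VpcId": "vpc-0aaa"},
              {"SubnetId": "subnet-0a2", "VpcId": "vpc-0aaa"},
              {"SubnetId": "subnet-0b1", "VpcId": "vpc-0bbb"}],
  "NetworkInterfaces": []
}
""")


def plan_default_vpc_teardown(region, state):
    """Return aws CLI commands, in dependency order, that remove the default VPC.

    Raises RuntimeError if a network interface (ENI) is still in the VPC.
    """
    commands = []
    base = f"aws --region {region} ec2"
    for vpc in state.get("Vpcs", []):
        if not vpc.get("IsDefault"):
            continue  # never touch non-default VPCs
        vpc_id = vpc["VpcId"]
        enis = [n["NetworkInterfaceId"] for n in state.get("NetworkInterfaces", [])
                if n.get("VpcId") == vpc_id]
        if enis:
            raise RuntimeError(f"{vpc_id} still has network interfaces: {', '.join(enis)}")
        # 1. Detach, then delete, every internet gateway attached to this VPC.
        for igw in state.get("InternetGateways", []):
            if any(a.get("VpcId") == vpc_id for a in igw.get("Attachments", [])):
                igw_id = igw["InternetGatewayId"]
                commands.append(f"{base} detach-internet-gateway "
                                f"--internet-gateway-id {igw_id} --vpc-id {vpc_id}")
                commands.append(f"{base} delete-internet-gateway --internet-gateway-id {igw_id}")
        # 2. Delete the VPC's subnets.
        for sub in state.get("Subnets", []):
            if sub.get("VpcId") == vpc_id:
                commands.append(f"{base} delete-subnet --subnet-id {sub['SubnetId']}")
        # 3. Delete the VPC last. The default security group and default network ACL
        #    cannot be deleted on their own (the errors in the question); they go with the VPC.
        commands.append(f"{base} delete-vpc --vpc-id {vpc_id}")
    return commands


if __name__ == "__main__":
    print("\n".join(plan_default_vpc_teardown("us-east-1", SAMPLE)))
```

Reviewing the printed plan per region before running anything gives the same confirmation step as the script's "Are you sure?" prompt, with the exact resource IDs visible.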