Unable to delete default VPC (Reason : IGW) #23488

Open
imsathyakumar opened this issue Mar 3, 2022 · 5 comments · May be fixed by #37899
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/ec2 Issues and PRs that pertain to the ec2 service.


imsathyakumar commented Mar 3, 2022

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v1.1.5
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v4.3.0

Affected Resource(s)

aws_default_vpc

Terraform Configuration Files

#Delete the default vpc & its components when destroy is run
resource "aws_default_vpc" "default_vpc" {
  force_destroy = true
}

resource "aws_default_subnet" "default_subnet_azs" {
  for_each          = toset(local.az_zone)
  availability_zone = each.value
  force_destroy     = true
  # vpc_id            = aws_default_vpc.default_vpc.id
  depends_on = [aws_default_vpc.default_vpc]
}

resource "aws_default_route_table" "default_rt" {
  depends_on             = [aws_default_vpc.default_vpc]
  default_route_table_id = aws_default_vpc.default_vpc.default_route_table_id

  route = []

  tags = {
    Name = "default-route-table"
  }
}

resource "aws_default_security_group" "default_sg" {
  depends_on = [aws_default_vpc.default_vpc]
  vpc_id     = aws_default_vpc.default_vpc.id
}

resource "aws_default_network_acl" "default_nacl" {
  depends_on             = [aws_default_vpc.default_vpc]
  default_network_acl_id = aws_default_vpc.default_vpc.default_network_acl_id
}

resource "aws_default_vpc_dhcp_options" "default_dhcp" {
  depends_on = [aws_default_vpc.default_vpc]
}

Expected Behavior

When the terraform destroy -target 'aws_default_vpc.default_vpc' is run, expect the Internet gateway to get detached from the VPC and deleted. Followed by the VPC deletion

Actual Behavior

│ Error: error deleting EC2 VPC (vpc-0cb9a49b8148f8648): DependencyViolation: The vpc 'vpc-0cb9a49b8148f8648' has dependencies and cannot be deleted.
│ 	status code: 400, request id: 42a92b28-fbee-4bdd-8d03-6f24539da761
│

Important Factoids

There is no force_destroy option in Internet gateway and internet gateway attachment to get it added into the current state like in default_vpc, default_subnets. Without default internet gateway getting detached and deleted, there are no options to get the default VPC destroyed. This ruins the purpose of force_destroy in aws_default_vpc resource.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. service/ec2 Issues and PRs that pertain to the ec2 service. labels Mar 3, 2022
@imsathyakumar imsathyakumar changed the title Unable to delete default VPC with IGW attachment Unable to delete default VPC (Reason : IGW) Mar 3, 2022
@justinretzolk justinretzolk added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Mar 4, 2022

cb-shivamagarwal commented Aug 17, 2022

In my case, I had created a default VPC using the AWS provider through terraform. I had also mentioned force_destroy = true. After doing terraform destroy, I even got a log aws_default_vpc.default: Destroying... [id=vpc-XXXXXXX] and aws_default_vpc.default: Destruction complete after 0s. However, it was not deleted and was still visible through the AWS console.

I tried to do terraform destroy again, but it did not work because, according to terraform, there were no changes to do as the resources were already deleted. However, I was still able to see the VPC through AWS console.


rmatulis commented Jan 6, 2023

I am getting the same issue due to the internet gateway not allowing the VPC to delete from terraform.

2023-01-06T12:20:18.207+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Action=DeleteVpc&Version=2016-11-15&VpcId=vpc-07b81b4b0e659****
2023-01-06T12:20:18.207+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: -----------------------------------------------------
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: [DEBUG] [aws-sdk-go] DEBUG: Response ec2/DeleteVpc Details:
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: ---[ RESPONSE ]--------------------------------------
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: HTTP/1.1 400 Bad Request
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Connection: close
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Transfer-Encoding: chunked
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Cache-Control: no-cache, no-store
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Content-Type: text/xml;charset=UTF-8
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Date: Fri, 06 Jan 2023 01:20:18 GMT
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Server: AmazonEC2
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Strict-Transport-Security: max-age=31536000; includeSubDomains
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Vary: accept-encoding
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: X-Amzn-Requestid: cdb95100-be50-49d1-952b-34a0f72e0d6e
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5:
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5:
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: -----------------------------------------------------
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: <Response><Errors><Error><Code>DependencyViolation</Code><Message>The vpc 'vpc-07b81b4b0e659****' has dependencies and cannot be deleted.</Message></Error></Errors><RequestID>cdb95100-be50-49d1-952b-34a0f72e0d6e</RequestID></Response>
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: [DEBUG] [aws-sdk-go] DEBUG: Validate Response ec2/DeleteVpc failed, attempt 0/25, error DependencyViolation: The vpc 'vpc-07b81b4b0e659****' has dependencies and cannot be deleted.      
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5:        status code: 400, request id: cdb95100-be50-49d1-952b-34a0f72e0d6e

@colinexl

Hello, we are seeing this issue as well when trying to delete a default VPC. Getting something like "errorMessage": "The vpc 'vpc-XYZ' has dependencies and cannot be deleted.",


lisenet commented Aug 22, 2023

We've managed to replicate this issue as well. The default VPC cannot be destroyed by Terraform because it depends on the default IGW.

aws_default_vpc.default: Still destroying... [id=vpc-1234567890, 4m50s elapsed]
╷
│ Error: deleting EC2 VPC (vpc-1234567890): operation error EC2: DeleteVpc, https response error StatusCode: 400, RequestID: 1904efaa-fb89-4fb1-9ec5-4b22c46f45c9, api error DependencyViolation: The vpc 'vpc-1234567890' has dependencies and cannot be deleted.
│ 

@delaskoff

There's no such thing as a default IGW, so the only way is to import it and destroy it afterwards.
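
The import-then-destroy workaround from the comment above, sketched as an added example that is not part of the thread or of the provider's code. It assumes Terraform 1.5 or later for the `import` block; the resource name `default_vpc_igw` and the gateway ID are placeholders.

```hcl
# Added example: bring the internet gateway attached to the default VPC
# under Terraform management so that a destroy detaches and deletes it
# before DeleteVpc is called.

resource "aws_default_vpc" "default_vpc" {
  force_destroy = true
}

# Placeholder ID. Look up the real one first, for example with:
#   aws ec2 describe-internet-gateways \
#     --filters Name=attachment.vpc-id,Values=<default-vpc-id>
import {
  to = aws_internet_gateway.default_vpc_igw
  id = "igw-REPLACE_ME"
}

# Referencing the VPC ID makes the gateway depend on the VPC, so Terraform
# destroys the gateway first and the VPC afterwards.
resource "aws_internet_gateway" "default_vpc_igw" {
  vpc_id = aws_default_vpc.default_vpc.id
}
```

Run `terraform apply` once so the import lands in state; a later `terraform destroy` then removes the gateway ahead of the VPC.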

@PeterSzegedi PeterSzegedi linked a pull request Jun 10, 2024 that will close this issue