Yu Chen

Reputation: 7440

Unable to delete AWS VPC Endpoint

One of my CloudFormation stacks is stuck in an UPDATE_COMPLETE_CLEANUP_IN_PROGRESS state because I attempted to remove a subnet that was no longer needed. However, this subnet apparently has some resources attached to it, including an EC2 instance and a VPC Endpoint. I cannot delete this VPC Endpoint in AWS. When I attempt to delete the VPC Endpoint, I receive the error message quoted below.

How do I find out what dependencies this VPC Endpoint has and go about deleting it?

From what I can Google, "Operation is not allowed for requester-managed VPC endpoints for the service" means that AWS created this VPC endpoint for me, as part of a request for some resource. However, I have no idea which resource this VPC endpoint is tied to.

Update: the VPC Endpoint uses an ENI, but when I try to delete/detach this ENI, it says that the ENI is being used by a service and therefore cannot be deleted.

Upvotes: 7

Views: 12136

Answers (3)

Levi

Reputation: 69

Try using this command to get the error info.

aws ec2 delete-vpc-endpoints --vpc-endpoint-ids <endpointID> --profile <YourProfile>

In my case, I had created a Redis service (ElastiCache Serverless) and it is still running, so I can't remove the VPC endpoints. These are the logs I got from aws-cli:

{
    "Unsuccessful": [
        {
            "Error": {
                "Code": "InvalidParameter",
                "Message": "Operation is not allowed for requester-managed VPC endpoints for the service com.amazonaws.elasticache.serverless.us-east-1.vpce-svc-xxxxxxx."
            },
            "ResourceId": "vpce-xxxxxxx"
        }
    ]
}

Upvotes: 0

SunghoMoon

Reputation: 1461

Don't you have an RDS Proxy? It creates a VPC Endpoint on behalf of the customer.

Upvotes: 9

samtoddler

Reputation: 9605

As it is a requester-managed VPC endpoint:

Requester-managed network interfaces

You cannot modify or detach a requester-managed network interface. If you delete the resource that the network interface represents, the AWS service detaches and deletes the network interface for you. To change the security groups for a requester-managed network interface, you might have to use the console or command line tools for that service.

You need to delete the resource which created this VPC endpoint.

Upvotes: 2
