
Cannot Delete an AWS VPC


I want to delete an AWS VPC, but I don't know how it came into existence. When I try to delete it in the AWS Console, it says:


We could not delete the following VPC (vpc-0a72ac71) Network interface 'eni-ce2a0d10' is currently in use. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 821d8a6d-3d9b-4c24-b372-314ea9b18b23)

As it mentions "AmazonEC2" in the error message, I suspected there might be some EC2 instances residing in this VPC. So I went into the EC2 dashboard but found that no EC2 instances exist there. However, I found there are two security groups associated with this VPC. So I decided to delete them, hoping that's the cause of the error. But when I tried to do so, I got this message:


As the message says, these security groups are associated with some network interfaces. Therefore, I decided to 'Detach' those but I got this error message:


Error deleting network interfaces eni-ce2a0d10: You do not have permission to access the specified resource. eni-0b7ff712: You do not have permission to access the specified resource.

But I'm the root user, so I assume I should be able to do whatever I want to do, except if the resource is made by AWS itself or another root account.

I know this network interface is being used somewhere, but it will be very time-consuming to go through each AWS service and check that.

I've already checked AWS RDS service and no instance or rds subnet is made. I've already checked this question and this with no luck.


Solution

  • I found the root cause of this issue.

    Short Answer:

    That VPC was created solely for the WorkDocs service instance. So AWS was preventing me from deleting its VPC and any of its dependent services and pieces.

    How I figured it out:

    First, I noticed something interesting had been written in the 'Description' column of the 'undeletable' Network Interfaces (you can see them in the OP's last figure):

    "AWS created network interface for directory d-90672d6b72."

    From "directory", I suspected that this might have something to do with AWS Directory Service. So I went to this service and noticed there is a directory associated with the VPC:


    So I tried to remove this directory but I got this error message:

    Error - Directory cannot be deleted This directory still has authorized applications, and cannot be deleted.  To delete this directory, complete all of the following steps: • Delete the WorkDocs site attached to this directory.


    Therefore, I went to AWS WorkDocs Service and found it and deleted it:

    Deleting an AWS WorkDocs and its associated 'directory'

    So now that the directory is also deleted (circled in red), I went back to delete those network interfaces. However, I realized that they had vanished! (I guess Amazon removed them on its own.) I went to the VPC service to see whether I'm now able to delete the VPC. Guess what? That VPC had vanished too!

    Now I understand what was happening. That VPC was created solely for the WorkDocs service instance. I wish Amazon was more transparent about it.
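The dead end in the question (root user, yet "You do not have permission to access the specified resource") and the clue in the answer (the ENI description naming a directory) can both be read off one API call. Requester-managed network interfaces are owned by the AWS service that created them, so the account cannot detach or delete them directly; the `RequesterManaged` flag and the `Description` field in `describe-network-interfaces` output tell you which resource to remove instead. The script below is an added example, not code from the question or the answer: it consumes a dict shaped like the JSON from `aws ec2 describe-network-interfaces --filters Name=vpc-id,Values=vpc-0a72ac71` and reports, per ENI, who owns it and which directory it points to. `SAMPLE_RESPONSE` is constructed from the identifiers in the thread (the `RequesterId` value, security-group ids and names, and the third user-owned ENI are made up), so it runs offline.

```python
"""Triage the network interfaces that block a VPC deletion.

Added example, not from the original question or answer. Input is a dict in
the shape of `aws ec2 describe-network-interfaces` JSON output; the field
names are the real EC2 API ones, the sample values are constructed.
"""
import json
import re
import sys

# Directory Service ids look like d-<hex>; the ENI description in the thread
# embeds one ("AWS created network interface for directory d-90672d6b72.").
DIRECTORY_ID_RE = re.compile(r"\bd-[0-9a-f]{8,}\b")

# Constructed sample: the two ENI ids and directory id come from the thread,
# RequesterId is a hypothetical placeholder, security groups are invented,
# and the third interface is a made-up user-owned ENI for contrast.
SAMPLE_RESPONSE = {
    "NetworkInterfaces": [
        {
            "NetworkInterfaceId": "eni-ce2a0d10",
            "VpcId": "vpc-0a72ac71",
            "Description": "AWS created network interface for directory d-90672d6b72.",
            "RequesterManaged": True,
            "RequesterId": "<service-requester-id>",
            "Status": "in-use",
            "Groups": [{"GroupId": "sg-0000000a", "GroupName": "d-90672d6b72_controllers"}],
        },
        {
            "NetworkInterfaceId": "eni-0b7ff712",
            "VpcId": "vpc-0a72ac71",
            "Description": "AWS created network interface for directory d-90672d6b72.",
            "RequesterManaged": True,
            "RequesterId": "<service-requester-id>",
            "Status": "in-use",
            "Groups": [{"GroupId": "sg-0000000a", "GroupName": "d-90672d6b72_controllers"}],
        },
        {
            "NetworkInterfaceId": "eni-0000beef",
            "VpcId": "vpc-0a72ac71",
            "Description": "leftover test interface",
            "RequesterManaged": False,
            "RequesterId": "123456789012",
            "Status": "available",
            "Groups": [{"GroupId": "sg-0000000b", "GroupName": "default"}],
        },
    ]
}


def directory_id_from_description(description):
    """Return the d-... directory id named in an ENI description, or None."""
    match = DIRECTORY_ID_RE.search(description or "")
    return match.group(0) if match else None


def triage_interfaces(response):
    """Classify each ENI: owner, attachment state, and the resource it belongs to."""
    rows = []
    for eni in response.get("NetworkInterfaces", []):
        managed = bool(eni.get("RequesterManaged"))
        rows.append({
            "eni": eni["NetworkInterfaceId"],
            "status": eni.get("Status"),
            "requester_managed": managed,
            "directory": directory_id_from_description(eni.get("Description")),
            "security_groups": [g["GroupId"] for g in eni.get("Groups", [])],
            # A requester-managed ENI only goes away when the resource that
            # created it is deleted; a user-owned one can be deleted directly.
            "action": ("delete the owning service resource" if managed
                       else "delete the interface (detach first if in-use)"),
        })
    return rows


def blocking_directories(response):
    """Directory ids whose service-managed ENIs are holding the VPC."""
    return {r["directory"] for r in triage_interfaces(response)
            if r["requester_managed"] and r["directory"]}


def report(response):
    """Human-readable summary, one line per ENI plus a line of blocking directories."""
    lines = []
    for r in triage_interfaces(response):
        owner = "AWS-managed" if r["requester_managed"] else "user-owned"
        where = f" (directory {r['directory']})" if r["directory"] else ""
        lines.append(f"{r['eni']}: {r['status']}, {owner}{where} -> {r['action']}")
    dirs = blocking_directories(response)
    if dirs:
        lines.append("Blocking directories: " + ", ".join(sorted(dirs)))
    return lines


if __name__ == "__main__":
    # Usage: python triage_enis.py saved-describe-network-interfaces.json
    # With no argument the constructed sample is used.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_RESPONSE
    print("\n".join(report(data)))
```

Save the real CLI output to a file and pass its path; every ENI flagged `AWS-managed` points at a Directory Service, RDS, Lambda or similar resource that has to be removed through its own service, which is exactly the chain (ENI, directory, WorkDocs site) the answer walked by hand.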