(disclaimer: new to AWS, a developer trying to pivot into DevOps)
During one interview/screening, I took a take-home challenge, which asked me to provision a complex piece of infrastructure, using their own script, which relied on Terraform, and created a little cosmos of intertwined AWS resources. Unfortunately, I manually (yuck!) deleted the S3 bucket used by Terraform to keep track of the state of things - so destroying them automatically is no longer possible, so I need to clean it all up manually.
Most of the things are cleared now. But there's a Security Group that's left over. Deleting it fails due to it being connected to something called a Network Interface. Looking at that Network Interface I found out that the "Delete" button is greyed out, but "Detach" is active - alas, it said I can't "Detach" it, because I "lack permissions". Given the fact that I'm logged into console as a root of my AWS account, I don't buy it.
Does anyone know what these beasts are, and what are the possible problems killing them? I suppose it's kinda like a connection between A and B, and if either end of a connection is plugged in, you can't "kill" it - but what should I look for?
Got the bugger!
As I was clearing out the Roles created by Terraform, I discovered a Service-owned role; it had "RDS" in its name. Surprised (I thought I killed those among the first), I went to check, and indeed there was an instance lurking. After killing that, removing NI and VPC (and the role) was unblocked.
It's interesting to me now - how come the error didn't mention the RDS as a blocker? All it could tell me was the NI is blocking it; now I guess I know who was the owner of the Attachment - that RDS instance. But why the heck was it a "permission" issue for me? 'Force' should have dealt with it!
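
An added example, not part of the original post: a way to find what owns the network interfaces still holding a security group, using the `RequesterManaged`, `RequesterId`, `Description` and `Attachment` fields returned by `aws ec2 describe-network-interfaces --filters Name=group-id,Values=<sg-id>`. The sample JSON and all IDs are constructed, and the description-prefix hints are a heuristic assumption rather than a complete list.

```python
import json

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output;
# every ID below is made up for illustration.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa1111", "Description": "RDSNetworkInterface",
   "RequesterManaged": true, "RequesterId": "amazon-rds", "Status": "in-use",
   "Groups": [{"GroupId": "sg-0123example"}],
   "Attachment": {"InstanceOwnerId": "amazon-rds", "Status": "attached"}},
  {"NetworkInterfaceId": "eni-0bbb2222", "Description": "",
   "RequesterManaged": false, "Status": "in-use",
   "Groups": [{"GroupId": "sg-0123example"}],
   "Attachment": {"InstanceId": "i-0ccc3333", "Status": "attached"}},
  {"NetworkInterfaceId": "eni-0ddd4444", "Description": "left over",
   "RequesterManaged": false, "Status": "available",
   "Groups": [{"GroupId": "sg-0999other"}]}
]}
""")

# Description prefixes commonly seen on service-created interfaces (heuristic).
HINTS = {"RDSNetworkInterface": "RDS DB instance",
         "ELB ": "load balancer",
         "AWS Lambda VPC ENI": "Lambda function"}

def blockers(data, group_id):
    """Return (eni_id, owner, next_step) for each ENI still using group_id."""
    out = []
    for eni in data.get("NetworkInterfaces", []):
        if group_id not in [g.get("GroupId") for g in eni.get("Groups", [])]:
            continue
        att = eni.get("Attachment") or {}
        desc = eni.get("Description", "")
        if eni.get("RequesterManaged"):
            # Service-owned: the account cannot detach it, whatever its IAM rights.
            svc = next((v for k, v in HINTS.items() if desc.startswith(k)), None)
            owner = svc or eni.get("RequesterId") or att.get("InstanceOwnerId", "unknown service")
            step = "delete the owning resource; the service removes the interface"
        elif att.get("InstanceId"):
            owner = att["InstanceId"]
            step = "terminate the instance or detach the interface from it"
        else:
            owner = "nobody" if eni.get("Status") == "available" else "unknown"
            step = "delete the interface directly"
        out.append((eni["NetworkInterfaceId"], owner, step))
    return out

if __name__ == "__main__":
    for row in blockers(SAMPLE, "sg-0123example"):
        print(*row, sep=" | ")
```

A requester-managed interface is controlled by the service that created it, which is why "Detach" is refused even for the root user until the owning resource is gone.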