hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Unable to delete default VPC (Reason : IGW) #23488

Open imsathyakumar opened 2 years ago

imsathyakumar commented 2 years ago

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v1.1.5
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v4.3.0

Affected Resource(s)

aws_default_vpc

Terraform Configuration Files


#Delete the default vpc & its components when destroy is run
resource "aws_default_vpc" "default_vpc" {
  force_destroy = true
}

resource "aws_default_subnet" "default_subnet_azs" {
  for_each          = toset(local.az_zone)
  availability_zone = each.value
  force_destroy     = true
  # vpc_id            = aws_default_vpc.default_vpc.id
  depends_on = [aws_default_vpc.default_vpc]
}

resource "aws_default_route_table" "default_rt" {
  depends_on             = [aws_default_vpc.default_vpc]
  default_route_table_id = aws_default_vpc.default_vpc.default_route_table_id

  route = []

  tags = {
    Name = "default-route-table"
  }
}

resource "aws_default_security_group" "default_sg" {
  depends_on = [aws_default_vpc.default_vpc]
  vpc_id     = aws_default_vpc.default_vpc.id
}

resource "aws_default_network_acl" "default_nacl" {
  depends_on             = [aws_default_vpc.default_vpc]
  default_network_acl_id = aws_default_vpc.default_vpc.default_network_acl_id
}

resource "aws_default_vpc_dhcp_options" "default_dhcp" {
  depends_on = [aws_default_vpc.default_vpc]
}

Expected Behavior

When terraform destroy -target 'aws_default_vpc.default_vpc' is run, I expect the internet gateway to be detached from the VPC and deleted, followed by the VPC deletion.

Actual Behavior

│ Error: error deleting EC2 VPC (vpc-0cb9a49b8148f8648): DependencyViolation: The vpc 'vpc-0cb9a49b8148f8648' has dependencies and cannot be deleted.
│   status code: 400, request id: 42a92b28-fbee-4bdd-8d03-6f24539da761
│

Important Factoids

There is no force_destroy option on the internet gateway or the internet gateway attachment to get them added into the current state, as there is for default_vpc and default_subnets. Without the default internet gateway being detached and deleted, there are no options to get the default VPC destroyed. This ruins the purpose of force_destroy in the aws_default_vpc resource.

cb-shivamagarwal commented 2 years ago

In my case, I had created a default VPC using the AWS provider through Terraform. I had also specified force_destroy = true. After doing terraform destroy, I even got a log aws_default_vpc.default: Destroying... [id=vpc-XXXXXXX] and aws_default_vpc.default: Destruction complete after 0s. However, it was not deleted and was still visible through the AWS console.

I tried to do terraform destroy again, but it did not work because, according to Terraform, there were no changes to make as the resources were already deleted. However, I was still able to see the VPC through the AWS console.

rmatulis commented 1 year ago

I am getting the same issue due to the internet gateway not allowing the VPC to be deleted from Terraform.

2023-01-06T12:20:18.207+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Action=DeleteVpc&Version=2016-11-15&VpcId=vpc-07b81b4b0e659****
2023-01-06T12:20:18.207+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: -----------------------------------------------------
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: [DEBUG] [aws-sdk-go] DEBUG: Response ec2/DeleteVpc Details:
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: ---[ RESPONSE ]--------------------------------------
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: HTTP/1.1 400 Bad Request
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Connection: close
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Transfer-Encoding: chunked
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Cache-Control: no-cache, no-store
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Content-Type: text/xml;charset=UTF-8
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Date: Fri, 06 Jan 2023 01:20:18 GMT
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Server: AmazonEC2
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Strict-Transport-Security: max-age=31536000; includeSubDomains
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: Vary: accept-encoding
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: X-Amzn-Requestid: cdb95100-be50-49d1-952b-34a0f72e0d6e
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5:
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5:
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: -----------------------------------------------------
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: <Response><Errors><Error><Code>DependencyViolation</Code><Message>The vpc 'vpc-07b81b4b0e659****' has dependencies and cannot be deleted.</Message></Error></Errors><RequestID>cdb95100-be50-49d1-952b-34a0f72e0d6e</RequestID></Response>
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5: [DEBUG] [aws-sdk-go] DEBUG: Validate Response ec2/DeleteVpc failed, attempt 0/25, error DependencyViolation: The vpc 'vpc-07b81b4b0e659****' has dependencies and cannot be deleted.      
2023-01-06T12:20:19.410+1100 [DEBUG] provider.terraform-provider-aws_v4.49.0_x5:        status code: 400, request id: cdb95100-be50-49d1-952b-34a0f72e0d6e

colinexl commented 1 year ago

Hello, we are seeing this issue as well when trying to delete a default VPC. Getting something like "errorMessage": "The vpc 'vpc-XYZ' has dependencies and cannot be deleted.",

lisenet commented 1 year ago

We've managed to replicate this issue as well. The default VPC cannot be destroyed by Terraform because it depends on the default IGW.

aws_default_vpc.default: Still destroying... [id=vpc-1234567890, 4m50s elapsed]
╷
│ Error: deleting EC2 VPC (vpc-1234567890): operation error EC2: DeleteVpc, https response error StatusCode: 400, RequestID: 1904efaa-fb89-4fb1-9ec5-4b22c46f45c9, api error DependencyViolation: The vpc 'vpc-1234567890' has dependencies and cannot be deleted.
│ 

delaskoff commented 3 months ago

There's no such thing as a default IGW, so the only way is to import it and destroy it afterwards.
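
The import-then-destroy approach from the last comment, sketched as an added example (not code from the thread or from the provider project). It assumes Terraform 1.5 or later for the import block, that the gateway is the only remaining dependency of the VPC, and uses the hypothetical resource name default_igw with a placeholder gateway ID; on older versions such as the v1.1.5 in the report, the equivalent is terraform import aws_internet_gateway.default_igw followed by the gateway ID.

```hcl
# Added example: bring the internet gateway attached to the default VPC under
# Terraform management so that a destroy can detach and delete it.

# Placeholder ID: replace with the ID of the gateway attached to the default
# VPC (visible in the VPC console or via the EC2 DescribeInternetGateways API,
# filtered on attachment.vpc-id).
import {
  to = aws_internet_gateway.default_igw
  id = "igw-REPLACE_WITH_REAL_ID"
}

# "default_igw" is a hypothetical name chosen for this example.
resource "aws_internet_gateway" "default_igw" {
  # Referencing the VPC creates an implicit dependency, so Terraform destroys
  # the gateway before it attempts to delete the VPC.
  vpc_id = aws_default_vpc.default_vpc.id
}

# From the original report: the default VPC is only deleted on destroy when
# force_destroy is set.
resource "aws_default_vpc" "default_vpc" {
  force_destroy = true
}
```

Run terraform apply once so the import lands in state, then terraform destroy; a -target limited to the VPC still includes the gateway because it depends on the VPC.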