Failed to delete cluster VPC due to subnet dependencies

[slysunkin]

/kind bug

What steps did you take and what happened: EKS cluster was created with control plane AWSManagedControlPlane

When cluster is removed, the VPC is left behind.

capa-controller-manager logs has the following error message:

E1011 20:59:30.002660       1 awsmanagedcontrolplane_controller.go:433] "error deleting network for AWSManagedControlPlane" err=<
        failed to delete subnet "subnet-0ea0898511118bc9b": DependencyViolation: The subnet 'subnet-0ea0898511118bc9b' has dependencies and cannot be deleted.
                status code: 400, request id: f43d3302-6fc1-4547-8137-622febaa4247

k describe AWSManagedControlPlane ... shows this:

...redacted...
  Normal   SuccessfulDeleteEKSCluster        9m51s  aws-controller  Deleted EKS Cluster sample_eks-dev-cp
  Normal   SuccessfulDeleteSecurityGroup     9m50s  aws-controller  Deleted cluster managed SecurityGroup "sg-053be8de0a8b8a58e"
  Normal   SuccessfulDisassociateRouteTable  9m48s  aws-controller  Disassociated managed RouteTable "rtb-0069154c5b2667e89" from subnet "subnet-0929ce1816629c157"
  Normal   SuccessfulDeleteRouteTable        9m48s  aws-controller  Deleted managed RouteTable "rtb-0069154c5b2667e89"
  Normal   SuccessfulDisassociateRouteTable  9m48s  aws-controller  Disassociated managed RouteTable "rtb-06e3810b5bc6a13db" from subnet "subnet-01264a0459bc607fd"
  Normal   SuccessfulDeleteRouteTable        9m48s  aws-controller  Deleted managed RouteTable "rtb-06e3810b5bc6a13db"
  Normal   SuccessfulDisassociateRouteTable  9m48s  aws-controller  Disassociated managed RouteTable "rtb-005c79c7f90738a7f" from subnet "subnet-0ea0898511118bc9b"
  Normal   SuccessfulDeleteRouteTable        9m47s  aws-controller  Deleted managed RouteTable "rtb-005c79c7f90738a7f"
  Normal   SuccessfulDisassociateRouteTable  9m47s  aws-controller  Disassociated managed RouteTable "rtb-077fe77bb530a7650" from subnet "subnet-08dcd3a999598b47f"
  Normal   SuccessfulDeleteRouteTable        9m47s  aws-controller  Deleted managed RouteTable "rtb-077fe77bb530a7650"
  Normal   SuccessfulDisassociateRouteTable  9m47s  aws-controller  Disassociated managed RouteTable "rtb-041cd2d2a1e180948" from subnet "subnet-0aabc997794be158e"
  Normal   SuccessfulDeleteRouteTable        9m47s  aws-controller  Deleted managed RouteTable "rtb-041cd2d2a1e180948"
  Normal   SuccessfulDisassociateRouteTable  9m46s  aws-controller  Disassociated managed RouteTable "rtb-05be425e7cef681ae" from subnet "subnet-0deb699a48aad4356"
  Normal   SuccessfulDeleteRouteTable        9m46s  aws-controller  Deleted managed RouteTable "rtb-05be425e7cef681ae"
  Normal   SuccessfulDeleteNATGateway        9m46s  aws-controller  Deleted NAT Gateway "nat-079d3fe8b35dca178" previously attached to VPC "vpc-06ddcd7e6b97c5236"
  Normal   SuccessfulDeleteNATGateway        9m46s  aws-controller  Deleted NAT Gateway "nat-0d71f14e5bccbaf62" previously attached to VPC "vpc-06ddcd7e6b97c5236"
  Normal   SuccessfulDeleteNATGateway        9m46s  aws-controller  Deleted NAT Gateway "nat-0d5e6d4976cf1a29f" previously attached to VPC "vpc-06ddcd7e6b97c5236"
  Normal   SuccessfulDetachInternetGateway   8m27s  aws-controller  Detached Internet Gateway "igw-0dc145ff1f4bc484a" from VPC "vpc-06ddcd7e6b97c5236"
  Normal   SuccessfulDeleteInternetGateway   8m27s  aws-controller  Deleted Internet Gateway "igw-0dc145ff1f4bc484a" previously attached to VPC "vpc-06ddcd7e6b97c5236"
  Warning  FailedDeleteSubnet                8m27s  aws-controller  Failed to delete managed Subnet "subnet-0ea0898511118bc9b": DependencyViolation: The subnet 'subnet-0ea0898511118bc9b' has dependencies and cannot be deleted.
           status code: 400, request id: 15120fca-175f-491b-8fc3-cd39a3c67d90
... several retries to delete subnet...

What did you expect to happen: Cluster is deleted and all linked resources are removed.

Environment:

• Cluster-api-provider-aws version: v2.6.1
• Kubernetes version: (use kubectl version): 1.30.0
• OS (e.g. from /etc/os-release): Amazon Linux 2

[k8s-ci-robot]

This issue is currently awaiting triage.

If CAPA/CAPI contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.