
When a new account is started, Amazon creates a new default VPC containing 3 subnets, 1 security group, 1 ACL and 1 internet gateway. I want to delete the default vpc and the objects associated with it. I can do this through the console, but I want to do it with the aws cli, and I'm stuck.

When I try the following command:

aws ec2 delete-vpc --vpc-id $VpcId

the console returns a DependencyViolation error:

调用 DeleteVpc 操作时出现客户端错误(DependencyViolation):vpc 'vpc-13f53076' 有依赖项,无法删除。

So I tried to delete the dependencies, but that does not work for all of them!

  • For the internet gateway I get the same error:

    调用 DeleteInternetGateway 操作时发生客户端错误 (DependencyViolation):internetGateway 'igw-d0f51bb5' 具有依赖关系,无法删除。

  • For the default security group I get the following error:

    调用 DeleteSecurityGroup 操作时发生客户端错误(CannotDelete):指定组:“sg-acca7bc”名称:“default”不能被用户删除

  • For the default ACL I get the following error:

    调用 DeleteNetworkAcl 操作时出现客户端错误(InvalidParameterValue):无法删除默认网络 ACL acl-d3ba77b6

This is a new account; nothing has been created in it before apart from the default vpc that Amazon creates. Any help or pointers in the right direction would be greatly appreciated.


4 Answers


I needed to go through and delete all default VPCs in all regions, and wrote a script for it. It might save someone else some time. Requires the aws cli and "jq".

#!/usr/bin/env bash
# Requires the aws cli and jq. The first pass only lists the default VPC in
# every region; nothing is deleted until you confirm.

export REGIONS=$(aws ec2 describe-regions | jq -r ".Regions[].RegionName")

for region in $REGIONS; do
    # list default vpcs
    echo $region
    aws --region=$region ec2 describe-vpcs | jq ".Vpcs[]|{is_default: .IsDefault, cidr: .CidrBlock, id: .VpcId} | select(.is_default)"
done

read -p "Are you sure? " -n 1 -r
echo    # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]
then
    for region in $REGIONS ; do
        echo "Killing $region"
        # ids of the default vpcs in this region (normally exactly one)
        export IDs=$(aws --region=$region ec2 describe-vpcs | jq -r ".Vpcs[]|{is_default: .IsDefault, id: .VpcId} | select(.is_default) | .id")
        # deliberately unquoted so the list is word-split into one id per iteration
        for id in $IDs ; do
            if [ -z "$id" ] ; then
                continue
            fi

            # kill igws: an attached gateway must be detached before it can be deleted
            for igw in `aws --region=$region ec2 describe-internet-gateways | jq -r ".InternetGateways[] | {id: .InternetGatewayId, vpc: .Attachments[0].VpcId} | select(.vpc == \"$id\") | .id"` ; do
                echo "Killing igw $region $id $igw"
                aws --region=$region ec2 detach-internet-gateway --internet-gateway-id=$igw --vpc-id=$id
                aws --region=$region ec2 delete-internet-gateway --internet-gateway-id=$igw
            done

            # kill subnets
            for sub in `aws --region=$region ec2 describe-subnets | jq -r ".Subnets[] | {id: .SubnetId, vpc: .VpcId} | select(.vpc == \"$id\") | .id"` ; do
                echo "Killing subnet $region $id $sub"
                aws --region=$region ec2 delete-subnet --subnet-id=$sub
            done

            # kill vpc: the default security group, ACL and route table cannot be
            # deleted on their own and are removed together with the vpc
            echo "Killing vpc $region $id"
            aws --region=$region ec2 delete-vpc --vpc-id=$id
        done
    done

fi
answered 2019-07-17T18:19:52.063

Try deleting it from the AWS console; it may give a more detailed error.

  1. FYI, you cannot delete the default security group
  2. Detach the internet gateway from the VPC before deleting it
  3. Make sure no elastic network interfaces (ENIs) are attached; you can see them under Network Interfaces in the left pane of EC2

Why do you want to delete the default VPC?

answered 2014-11-12T00:16:04.043
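As an added example that is not part of any answer on this page, here is a dry-run planner in Python that encodes the dependency order behind the errors in the question and the checklist above: detach the internet gateway before deleting it, delete the subnets, let the default security group and ACL go away with the VPC, and refuse to plan a VPC that still has network interfaces in it (those are what make delete-subnet fail with DependencyViolation). It works on dicts shaped like boto3 describe_* responses so it runs offline; the sample IDs are made up, and execute() assumes any object with boto3's EC2 method names.

```python
def plan_default_vpc_teardown(vpcs, igws, subnets, enis):
    """Return (calls, blockers): calls is the ordered list of (api_name, kwargs)
    to issue; blockers lists ENIs that would make delete-subnet fail with
    DependencyViolation, in which case nothing is planned for that VPC."""
    calls, blockers = [], []
    for vpc in vpcs:
        if not vpc.get("IsDefault"):
            continue
        vpc_id = vpc["VpcId"]
        # An ENI still in the VPC (instance, NAT gateway, load balancer, ...)
        # blocks subnet deletion, so report it instead of planning the teardown.
        busy = [(vpc_id, e["NetworkInterfaceId"]) for e in enis if e.get("VpcId") == vpc_id]
        if busy:
            blockers.extend(busy)
            continue
        # 1. An attached internet gateway must be detached before it is deleted.
        for igw in igws:
            if any(a.get("VpcId") == vpc_id for a in igw.get("Attachments", [])):
                igw_id = igw["InternetGatewayId"]
                calls.append(("detach_internet_gateway",
                              {"InternetGatewayId": igw_id, "VpcId": vpc_id}))
                calls.append(("delete_internet_gateway", {"InternetGatewayId": igw_id}))
        # 2. Subnets next.
        for sub in subnets:
            if sub.get("VpcId") == vpc_id:
                calls.append(("delete_subnet", {"SubnetId": sub["SubnetId"]}))
        # 3. The VPC last; EC2 removes the default security group and network
        #    ACL (which cannot be deleted directly) together with it.
        calls.append(("delete_vpc", {"VpcId": vpc_id}))
    return calls, blockers

def execute(ec2, calls):
    """Apply a plan to a boto3 EC2 client (or any object with the same method names)."""
    for api_name, kwargs in calls:
        getattr(ec2, api_name)(**kwargs)

# Constructed sample data shaped like boto3 describe_* responses; IDs are made up.
SAMPLE_VPCS = [{"VpcId": "vpc-0default", "IsDefault": True},
               {"VpcId": "vpc-0custom", "IsDefault": False}]
SAMPLE_IGWS = [{"InternetGatewayId": "igw-0default",
                "Attachments": [{"VpcId": "vpc-0default", "State": "available"}]}]
SAMPLE_SUBNETS = [{"SubnetId": "subnet-0a", "VpcId": "vpc-0default"},
                  {"SubnetId": "subnet-0b", "VpcId": "vpc-0default"},
                  {"SubnetId": "subnet-0c", "VpcId": "vpc-0custom"}]

if __name__ == "__main__":
    # Dry run: print the plan; pass boto3.client("ec2") to execute() to apply it.
    for step in plan_default_vpc_teardown(SAMPLE_VPCS, SAMPLE_IGWS, SAMPLE_SUBNETS, [])[0]:
        print(step)
```

Run it once with an empty ENI list to see the call order, then with the real describe_network_interfaces result to see whether anything still blocks the teardown.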

You must detach the gateway before you can delete it; the attachment creates a circular dependency. See my answer here.

answered 2016-01-09T17:09:18.047
Came across this code to delete the default VPC using Boto3:

import boto3
import cfnresponse  # helper module AWS ships for CloudFormation custom resources
import threading
import logging
import time

ec2 = boto3.client('ec2')


def getdefaultvpc():
    # Returns the default VPC, or None when the account has none left.
    vpcs = ec2.describe_vpcs(
        Filters=[{'Name': 'is-default', 'Values': ['true']}]
    )
    if len(vpcs['Vpcs']) == 0:
        # The original called exit(0) here; SystemExit is not an Exception,
        # so it would escape the except clause in lambda_handler.
        return None
    return vpcs['Vpcs'][0]


def deleteigws(vpcid):
    # An internet gateway must be detached from the VPC before it can be deleted.
    igws = ec2.describe_internet_gateways(
        Filters=[{'Name': 'attachment.vpc-id', 'Values': [vpcid]}]
    )
    for igw in igws['InternetGateways']:
        igwid = igw['InternetGatewayId']
        ec2.detach_internet_gateway(InternetGatewayId=igwid, VpcId=vpcid)
        # Poll until the attachment is gone; sleep so this is not a busy loop.
        attachstate = igw['Attachments'][0]['State']
        while attachstate != 'detached':
            time.sleep(1)
            current = ec2.describe_internet_gateways(InternetGatewayIds=[igwid])
            attachments = current['InternetGateways'][0]['Attachments']
            attachstate = attachments[0]['State'] if attachments else 'detached'
        ec2.delete_internet_gateway(InternetGatewayId=igwid)


def deletesubnets(vpcid):
    subnets = ec2.describe_subnets(
        Filters=[{'Name': 'vpc-id', 'Values': [vpcid]}]
    )
    for subnet in subnets['Subnets']:
        ec2.delete_subnet(SubnetId=subnet['SubnetId'])


def main():
    vpcinfo = getdefaultvpc()
    if vpcinfo is None:
        logging.info('No default VPC found, nothing to delete')
        return
    deleteigws(vpcinfo['VpcId'])
    deletesubnets(vpcinfo['VpcId'])
    # The default security group and network ACL are removed with the VPC.
    ec2.delete_vpc(VpcId=vpcinfo['VpcId'])


def timeout(event, context):
    logging.error('Execution is about to time out, sending failure response to CloudFormation')
    cfnresponse.send(event, context, cfnresponse.FAILED, {}, None)


def lambda_handler(event, context):
    # Send a FAILED response just before the Lambda timeout so the stack does
    # not hang waiting for the custom resource.
    timer = threading.Timer((context.get_remaining_time_in_millis() / 1000.00) - 0.5,
                            timeout, args=[event, context])
    timer.start()
    status = cfnresponse.SUCCESS
    try:
        # Only act on stack creation; Update and Delete requests are no-ops.
        if event['RequestType'] == 'Create':
            main()
    except Exception as e:
        logging.error('Exception: %s' % e, exc_info=True)
        status = cfnresponse.FAILED
    finally:
        timer.cancel()
        cfnresponse.send(event, context, status, {}, None)
answered 2021-11-18T23:02:12.040