Can't delete AWS internet Gateway
Solution 1
You have some resources in the VPC that have been assigned a Public IP address, such as:
- Amazon EC2 instances
- Amazon RDS instances
- Amazon Redshift cluster
- VPC NAT Gateways
- etc.
These IP addresses might have been assigned as an Elastic IP address or as an "auto-assign Public IP address" no instance creation.
You will need to delete these Elastic IP addresses before the Internet Gateway can be removed. If they were auto-assigned IP addresses, then Stop the instances to remove the public IP addresses.
You might also need to edit your Route Tables so that they do not refer to the Internet Gateway.
Solution 2
had eks in a vpc, deleted the cluster but now there's network interfaces with an EIP and sg attached to them that were loadbalancers that did not get deleted when deleting the cluster because the deployments were not deleted inside the cluster before deleting the cluster itself. Had to find all associated ELB's and delete them, then security groups, then intefaces, EIP, all the way down the line till finally deleting the internet gateway and vpc.
Solution 3
I had to delete NAT gateway that was hanging around to resolve mine.
Solution 4
For those facing the same problem check also Route tables having the Internet Gateway as target
Solution 5
Personally, I had to manually reject connections from the endpoint services in the VPC.
Endpoint Services > Select Service > Endpoint Connections > Select connection > Actions > Reject endpoint connection request
Related videos on Youtube
Comments
-
Souad almost 4 years
I created an internet gateway in AWS VPC dashboard, I attached it to a VPC then I want to detach it but I keep getting this error:
Network vpc-xxxx has some mapped public adresses, Please unmap those public addresses before detaching the gateway. ( Service: AmazonEC2; Status Code: 400; Error Code: DependencyViolation; Request ID: qfdqsdf)
What to do to detache this IGW ? Why exactly do I get this error?
I need to get rid of this IGW without deleting extra resources. please any ideas?
For information, the route table of the VPC does contain public addresses but they are routed to other targets. This IGW is not set as target anywhere.
-
helloV almost 7 yearsIs the VPC empty or are there instances in the VPC's public subnet?
-
Souad almost 7 yearsYes there are instances in the subnets. these subnets are attached to virtual gateway not to internet gateway
-
helloV almost 7 yearsIf you have unassociated elastic IPs, release them and try.
-
Souad almost 7 yearsThe thing is that I have no elastic IPs
-
Michael - sqlbot almost 7 yearsWhy do you "need" to get rid of an Internet Gateway? This implies you have no instances with public or elastic IP addresses, no NAT Gateways, no external ELBs, and no other resources with an elastic network interface with associated public IP addresses... yet, for some reason you did attach an IGW to your VPC, and it's unclear why that might have been or why you now want to remove it.
-
garryp over 5 yearsI found a NAT gateway lingering that caused this, and had to delete it.
-
Xavi Montero about 4 yearsI am in the same situation (although in a VPC I created tfor test). Thing is: If the VPC+subnets+instances+public-IPs could live 'before' the internet gateway was attached, I don't see any reason for it not being able to detach after an attach. I mean... I have a table. I put a glass. I want to remove the glass. It says "there's thirsty people there". Okey... before placing the glass, the table had no glasses and that's all.
-
Xavi Montero about 4 yearsAdditionally, if I'm not misunderstood, the Internet Gateway allows OUTGOING traffic. I mean: I might want to have a host with a public IP to reach it via ssh, but maybe I don't wont that host to start connections to the outside world. Isn't the Internet Gateway intended only for outgoing traffic? Maybe I'm confused with that.
-
-
luk2302 over 6 yearsThanks for RDS tip, in my case someone did set up a database without cloudformation and caused the vpc stack to not be deletable.
-
ab77 over 5 yearsAlso EC2->Network Interfaces-> filter by VPC Id. In our case there were left-over Client VPN IP assignments.
-
Jordan Stewart almost 5 yearsI can't think of anything that fits under the "etc." category, but I guess AWS is releasing new services all the time.
-
Max Lobur over 4 yearsWas ELB + sec groups in my case
-
thelr about 4 yearsLoad balancers fit in "etc"
-
Christopher Thomas almost 4 yearsYeah if you have a VPC Private Link in an API Gateway I need to do this in order to delete them. You need to reject the connection like you mentioned first
-
LuQQiu almost 3 yearsDelete the load balancer helps!
-
Francisco Cardoso over 2 yearsDelete NAT gateway also
-
ChuyAMS over 2 yearsI also had to delete the security groups