I want to delete a VPC through the CLI, but I get an error:
A client error (DependencyViolation) occurred when calling the DeleteVpc operation: The vpc 'vpc-xxx' has dependencies and cannot be deleted.
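How can I list all the dependencies that are preventing me from deleting this VPC?
Answer 1
Here is what I ended up with using the AWS CLI. I know there are other dependencies besides subnets, but it's a start: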
jcomeau@aspire:~$ aws ec2 describe-subnets
{
"Subnets": [
{
"VpcId": "vpc-9a5c2bfe",
"CidrBlock": "10.0.0.0/25",
"MapPublicIpOnLaunch": false,
"DefaultForAz": false,
"State": "available",
"AvailabilityZone": "us-east-1c",
"SubnetId": "subnet-10923666",
"AvailableIpAddressCount": 123
}
]
}
jcomeau@aspire:~$ aws ec2 delete-subnet --subnet-id=subnet-10923666
jcomeau@aspire:~$ aws ec2 delete-vpc --vpc-id=vpc-9a5c2bfe
jcomeau@aspire:~$
OK, so that didn't work for all of mine. Here is another one:
jcomeau@aspire:~$ aws ec2 describe-internet-gateways
{
"InternetGateways": [
{
"Tags": [],
"InternetGatewayId": "igw-37e81153",
"Attachments": [
{
"State": "available",
"VpcId": "vpc-e2087c86"
}
]
}
]
}
jcomeau@aspire:~$ aws ec2 detach-internet-gateway --internet-gateway-id=igw-37e81153 --vpc-id=vpc-e2087c86
jcomeau@aspire:~$ aws ec2 delete-internet-gateway --internet-gateway-id=igw-37e81153
jcomeau@aspire:~$ aws ec2 delete-vpc --vpc-id=vpc-e2087c86
jcomeau@aspire:~$
Answer 2
I just found this script: https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-dependency-error-delete-vpc/
#!/bin/bash
vpc="vpc-xxxxxxxxxxxxx"
aws ec2 describe-internet-gateways --filters 'Name=attachment.vpc-id,Values='$vpc | grep InternetGatewayId
aws ec2 describe-subnets --filters 'Name=vpc-id,Values='$vpc | grep SubnetId
aws ec2 describe-route-tables --filters 'Name=vpc-id,Values='$vpc | grep RouteTableId
aws ec2 describe-network-acls --filters 'Name=vpc-id,Values='$vpc | grep NetworkAclId
aws ec2 describe-vpc-peering-connections --filters 'Name=requester-vpc-info.vpc-id,Values='$vpc | grep VpcPeeringConnectionId
aws ec2 describe-vpc-endpoints --filters 'Name=vpc-id,Values='$vpc | grep VpcEndpointId
aws ec2 describe-nat-gateways --filter 'Name=vpc-id,Values='$vpc | grep NatGatewayId
aws ec2 describe-security-groups --filters 'Name=vpc-id,Values='$vpc | grep GroupId
aws ec2 describe-instances --filters 'Name=vpc-id,Values='$vpc | grep InstanceId
aws ec2 describe-vpn-connections --filters 'Name=vpc-id,Values='$vpc | grep VpnConnectionId
aws ec2 describe-vpn-gateways --filters 'Name=attachment.vpc-id,Values='$vpc | grep VpnGatewayId
aws ec2 describe-network-interfaces --filters 'Name=vpc-id,Values='$vpc | grep NetworkInterfaceId
This helped me find the problem. Maybe it will be useful.
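The script above greps every ID in the VPC, including objects that `delete-vpc` removes on its own (the default security group, the main route table and the default network ACL) and NAT gateways that stay listed for a while in the `deleted` state. The following is an added example, not part of the answer or of the AWS script: it takes the parsed JSON of the same `describe-*` calls and keeps only what still blocks deletion. The names `RULES`, `in_vpc`, `blockers` and all sample IDs are assumptions made for illustration.

```python
# Response key -> (id field, test for "deleted with the VPC or already gone").
RULES = {
    "Subnets": ("SubnetId", lambda o: False),
    "InternetGateways": ("InternetGatewayId", lambda o: False),
    "NetworkInterfaces": ("NetworkInterfaceId", lambda o: False),
    "SecurityGroups": ("GroupId", lambda o: o.get("GroupName") == "default"),
    "RouteTables": ("RouteTableId",
                    lambda o: any(a.get("Main") for a in o.get("Associations", []))),
    "NetworkAcls": ("NetworkAclId", lambda o: o.get("IsDefault", False)),
    "NatGateways": ("NatGatewayId", lambda o: o.get("State") == "deleted"),
    "Instances": ("InstanceId",
                  lambda o: o.get("State", {}).get("Name") == "terminated"),
}

def in_vpc(obj, vpc_id):
    # Internet gateways list their VPC under Attachments; the rest carry VpcId.
    attached = [a.get("VpcId") for a in obj.get("Attachments", [])]
    return obj.get("VpcId") == vpc_id or vpc_id in attached

def blockers(responses, vpc_id):
    """Return {kind: [ids]} for resources that still block delete-vpc."""
    found = {}
    for resp in responses:
        if "Reservations" in resp:  # describe-instances nests its instances
            resp = {"Instances": [i for r in resp["Reservations"]
                                  for i in r.get("Instances", [])]}
        for kind, (id_field, ignorable) in RULES.items():
            for obj in resp.get(kind, []):
                if in_vpc(obj, vpc_id) and not ignorable(obj):
                    found.setdefault(kind, []).append(obj[id_field])
    return found

# Constructed sample responses (made-up IDs, not real account data).
V = "vpc-0example"
SAMPLE = [
    {"SecurityGroups": [{"GroupId": "sg-0aaa", "GroupName": "default", "VpcId": V},
                        {"GroupId": "sg-0bbb", "GroupName": "web", "VpcId": V}]},
    {"RouteTables": [{"RouteTableId": "rtb-0aaa", "VpcId": V,
                      "Associations": [{"Main": True}]}]},
    {"NetworkAcls": [{"NetworkAclId": "acl-0aaa", "IsDefault": True, "VpcId": V}]},
    {"NatGateways": [{"NatGatewayId": "nat-0aaa", "State": "deleted", "VpcId": V}]},
    {"InternetGateways": [{"InternetGatewayId": "igw-0aaa",
                           "Attachments": [{"VpcId": V, "State": "available"}]}]},
    {"Subnets": [{"SubnetId": "subnet-0aaa", "VpcId": V},
                 {"SubnetId": "subnet-0bbb", "VpcId": "vpc-0other"}]},
]

if __name__ == "__main__":
    print(blockers(SAMPLE, V))
```

To use it on a real account, load the output of each `aws ec2 describe-... --output json` call with `json.load` and pass the resulting dictionaries as `responses`.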
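Answer 3
I believe there is no CLI function that returns the cause of a DependencyViolation error, so you have two options:
- Log in to the AWS Management Console and search for any component that points to the VPC; it can be security groups, subnets, route tables, EC2, etc.;
- Get in touch with the AWS support team and check whether they can find the cause for you.
Answer 4
In principle, this will work if you re-run it several times... with about 5 seconds between runs... but I am sure it has some bugs... so feel free to edit / suggest other features...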
#!/bin/bash
# probably a buggy one but just to get you started with something
# ensure your default output is json + you have default region ...
vpc_id="vpc-xxxxxxxxxxxxx"  # placeholder: set this to the VPC you want to delete
# list the internet gateways attached to the vpc
aws ec2 describe-internet-gateways --filters "Name=attachment.vpc-id,Values=$vpc_id" \
    | jq -r ".InternetGateways[].InternetGatewayId"
# terminate all vpc instances
while read -r instance_id ; do
    aws ec2 terminate-instances --instance-ids "$instance_id"
done < <(aws ec2 describe-instances --filters "Name=vpc-id,Values=$vpc_id" \
    | jq -r '.Reservations[].Instances[].InstanceId')
# delete the security groups (the default one cannot be deleted, so skip it)
while read -r sg ; do
    aws ec2 delete-security-group --group-id "$sg"
done < <(aws ec2 describe-security-groups --filters "Name=vpc-id,Values=$vpc_id" \
    | jq -r '.SecurityGroups[] | select(.GroupName != "default") | .GroupId')
# delete the route tables (the main one cannot be deleted, so skip it)
while read -r rt_id ; do
    aws ec2 delete-route-table --route-table-id "$rt_id"
done < <(aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$vpc_id" \
    | jq -r '.RouteTables[] | select(any(.Associations[]?; .Main) | not) | .RouteTableId')
# detach and delete each internet gateway in one pass: once a gateway is
# detached, the attachment.vpc-id filter no longer returns it, and
# delete-internet-gateway takes no --vpc-id option
while read -r ig_id ; do
    aws ec2 detach-internet-gateway --internet-gateway-id "$ig_id" --vpc-id "$vpc_id"
    aws ec2 delete-internet-gateway --internet-gateway-id "$ig_id"
done < <(aws ec2 describe-internet-gateways --filters "Name=attachment.vpc-id,Values=$vpc_id" \
    | jq -r ".InternetGateways[].InternetGatewayId")
# delete all vpc subnets
while read -r subnet_id ; do
    aws ec2 delete-subnet --subnet-id "$subnet_id"
done < <(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$vpc_id" \
    | jq -r '.Subnets[].SubnetId')
# delete the whole vpc
aws ec2 delete-vpc --vpc-id "$vpc_id"