Wondering why an ECS cluster fails to delete as part of a CloudFormation stack? We can help you.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how our Support techs assist with this query.
ECS cluster fails to delete as part of CloudFormation stack
Basically, when we create an Amazon ECS cluster, AWS CloudFormation creates resources such as Auto Scaling groups, virtual private clouds (VPC), or load balancers.
These resources are associated with the cluster, and their presence can prevent the deletion of the cluster.
Other issues with AWS CloudFormation can also prevent the deletion of an Amazon ECS cluster.
During the cluster deletion process, your stack EC2ContainerService-yourClusterName can run into the following errors:
- “The vpc ‘vpc-1234567’ has dependencies and cannot be deleted”
- “The security group sg-123456 failed to delete due to the error ‘resource sg-123456 has a dependent object’”
Today, let us see the steps followed by our Support Techs to resolve this issue.
Delete the cluster by skipping the resources with dependencies
1. Firstly, open the AWS CloudFormation console.
2. To find the stack that failed, for Filter, choose Active, and then choose Failed.
3. Then, select the failed stack that won’t delete.
4. Choose Actions, and then choose Delete Stack.
5. Select the check boxes next to the resources that failed to delete.
6. Choose Yes, Delete.
7. Finally, delete the Amazon ECS cluster.
Delete the retained resources
The following examples show you how to delete resources that are commonly associated with the underlying AWS CloudFormation stack.
Security group dependency example
1. To find security groups associated with the security group that you want to delete, run the following AWS CLI command:
aws ec2 describe-security-groups --filters Name=ip-permission.group-id,Values=sg-xxxxxxxxx --region us-east-1 | jq '.SecurityGroups[].GroupId'
Note that jq is a command-line JSON processor. Replace sg-xxxxxxxxx with the ID of the security group that you want to delete.
2. Clear the dependencies for the security group that you want to delete.
3. Finally, delete the security group resource.
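The command in step 1 filters on ip-permission.group-id, which matches inbound rules only; an outbound rule in another group or a network interface that still uses the group also counts as a dependent object. The following is an added example, not code from the original article: it reads parsed JSON from aws ec2 describe-security-groups and aws ec2 describe-network-interfaces and lists all three kinds of blocker. The function name and the sample IDs are assumptions made for illustration.

```python
"""Report what still depends on a security group, from AWS CLI JSON output."""


def sg_blockers(target, groups, interfaces):
    """Return (rule_refs, enis) that keep security group `target` from deleting.

    groups:     parsed output of `aws ec2 describe-security-groups`
    interfaces: parsed output of `aws ec2 describe-network-interfaces`
    """
    rule_refs = []
    for sg in groups.get("SecurityGroups", []):
        if sg["GroupId"] == target:
            continue  # rules inside the target itself are deleted with it
        for direction, key in (("ingress", "IpPermissions"),
                               ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair.get("GroupId") == target:
                        rule_refs.append((sg["GroupId"], direction,
                                          perm.get("IpProtocol"),
                                          perm.get("FromPort"),
                                          perm.get("ToPort")))
    enis = [eni["NetworkInterfaceId"]
            for eni in interfaces.get("NetworkInterfaces", [])
            if any(g["GroupId"] == target for g in eni.get("Groups", []))]
    return rule_refs, enis


# Constructed sample data, trimmed to the fields used; every ID is a placeholder.
GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-0bbb", "IpPermissionsEgress": [],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
]}
ENIS = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0111", "Groups": [{"GroupId": "sg-0aaa"}]},
    {"NetworkInterfaceId": "eni-0222", "Groups": [{"GroupId": "sg-0bbb"}]},
]}

if __name__ == "__main__":
    refs, enis = sg_blockers("sg-0aaa", GROUPS, ENIS)
    for owner, direction, proto, lo, hi in refs:
        print(f"{owner}: {direction} rule proto={proto} ports={lo}-{hi}")
    for eni in enis:
        print(f"{eni}: still uses sg-0aaa")
```

Reviewing this list before step 2 also shows which other groups were granting access to or from the retained group, so those rules can be removed deliberately rather than left behind.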
VPC dependency example
1. To identify the dependent resources of your VPC, run the following AWS CLI command. Replace vpc-xxxxxxxx with your VPC value, and replace RegionId with your AWS Region code:
aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-xxxxxxxx" --region RegionId | grep SubnetId
2. Then, clear the dependencies for the VPC that you want to delete.
3. Finally, delete the VPC.
In short, we saw how our Support Techs resolve the issue when an ECS cluster fails to delete as part of a CloudFormation stack.