Circular dependencies in AWS Security Groups?

3

I am unable to delete security groups on AWS. I have zero instances, running or stopped, and zero AWS volumes. After a dozen or more attempts I have verified these messages reflect either:

a) cyclical dependency among the groups
b) incorrect dependencies

I am at a loss how to delete these groups.


UPDATE: I am unable to delete ANY of the following security groups. They all report dependencies among themselves. This is a mess.


javadba

Posted 2015-07-24T23:58:25.377

Reputation: 2 201

Answers

2

Note the last part of the message:

remove their references.

Security groups can allow traffic based on source IP address, or by allowing traffic originated by instances that are members of a security group, referencing the group id, sg-xxxxxxxx, instead of an IP address range.

For each security group you want to delete, you will need to remove any rules that reference them, inside other security groups.

The simplest approach, since you appear to have circular dependencies, would be to go into each group you already plan to delete, and simply delete all the rules and save the changes.

You don't have to delete all the rules, just the rules that reference groups you plan to delete... but since you're about to delete these groups, clicking the "x" on each row down the page is probably just as quick.

If there are no other references, you will immediately then be able to delete the groups.

If any of the groups were also referenced by rules inside groups you will not be deleting, you will need to go to those groups also, and delete only any rules that reference the groups that still can't be deleted.

Since security groups are limited to (typically) only 50 rules per group, you should be able to scroll through them and do this fairly quickly, and be done in just a few short minutes.

Note, this may seem like a point of frustration, but it is a sensible restriction to have in place: it would be a very bad thing if security groups could be deleted while outstanding references exist, and it would be unnecessarily inflexible if security groups were not allowed to have circular references under normal operations.

Michael - sqlbot

Posted 2015-07-24T23:58:25.377

Reputation: 1 103
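
The procedure from the answer above, as an added example that is not part of the original post: it walks security group data in the shape returned by EC2 `DescribeSecurityGroups` and lists the rules that reference groups slated for deletion, separating rules held by groups that are themselves being deleted from rules held by groups that stay. The function names, the `sg-aaa`/`sg-bbb`/`sg-keep` ids and the sample rules are constructed for illustration.

```python
# Added example (not from the original answer). Function names are hypothetical;
# the input follows the shape of EC2 DescribeSecurityGroups output.

def blocking_references(security_groups, to_delete):
    """List rules in *other* groups that reference a group slated for deletion.
    Each item: (holder_group_id, direction, protocol, referenced_group_id)."""
    to_delete = set(to_delete)
    refs = []
    for sg in security_groups:
        for direction, key in (("ingress", "IpPermissions"),
                               ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                for pair in perm.get("UserIdGroupPairs", []):
                    ref = pair.get("GroupId")
                    # The answer speaks of rules "inside other security groups",
                    # so a group's reference to itself is skipped here.
                    if ref in to_delete and ref != sg["GroupId"]:
                        refs.append((sg["GroupId"], direction,
                                     perm.get("IpProtocol"), ref))
    return refs

def removal_plan(security_groups, to_delete):
    """Split blocking rules by holder: groups being deleted (all their rules can
    simply be cleared) versus groups being kept (remove only the listed rules)."""
    to_delete = set(to_delete)
    refs = blocking_references(security_groups, to_delete)
    return {"in_groups_to_delete": [r for r in refs if r[0] in to_delete],
            "in_groups_to_keep": [r for r in refs if r[0] not in to_delete]}

# Constructed sample data: sg-aaa and sg-bbb reference each other (circular),
# and sg-keep, which is staying, also references sg-aaa.
SAMPLE = [
    {"GroupId": "sg-aaa", "IpPermissionsEgress": [], "IpPermissions": [
        {"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-bbb"}]},
        {"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-aaa"}]}]},
    {"GroupId": "sg-bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
     "IpPermissionsEgress": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-aaa"}]}]},
    {"GroupId": "sg-keep", "IpPermissionsEgress": [], "IpPermissions": [
        {"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-aaa"}]}]},
]

if __name__ == "__main__":
    plan = removal_plan(SAMPLE, {"sg-aaa", "sg-bbb"})
    for bucket, rules in plan.items():
        for holder, direction, proto, ref in rules:
            print(f"{bucket}: {holder} {direction} {proto} -> {ref}")
```

Egress rules are scanned as well as ingress rules, since both can carry a group reference in `UserIdGroupPairs`.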