It's a good DevOps practice to have all your active infrastructure under your total control. Amazon creates a default VPC for you in every region it offers, even though you'd probably use only one (or two for disaster recovery). Since this VPC was not created by your code, you cannot maintain it.
This also poses a security concern: the default VPC has an Internet Gateway attached, so you (or, more likely, someone else) could easily expose the entire account to the world.
So here's a bash script that will remove all the default VPCs across all regions using some simple AWS CLI commands (you also need to have jq installed):
#!/usr/bin/env bash
if [ "$AWS_PROFILE" = "" ]; then
    echo "No AWS_PROFILE set"
    exit 1
fi

for region in $(aws ec2 describe-regions --region eu-west-1 | jq -r .Regions[].RegionName); do
    echo "* Region ${region}"

    # get default vpc
    vpc=$(aws ec2 --region "${region}" \
        describe-vpcs --filters Name=isDefault,Values=true \
        | jq -r .Vpcs[0].VpcId)
    if [ "${vpc}" = "null" ]; then
        echo "No default vpc found"
        continue
    fi
    echo "Found default vpc ${vpc}"

    # get internet gateway
    igw=$(aws ec2 --region "${region}" \
        describe-internet-gateways --filters Name=attachment.vpc-id,Values="${vpc}" \
        | jq -r .InternetGateways[0].InternetGatewayId)
    if [ "${igw}" != "null" ]; then
        echo "Detaching internet gateway ${igw}"
        aws ec2 --region "${region}" \
            detach-internet-gateway --internet-gateway-id "${igw}" --vpc-id "${vpc}"
        echo "Deleting internet gateway ${igw}"
        aws ec2 --region "${region}" \
            delete-internet-gateway --internet-gateway-id "${igw}"
    fi

    # get subnets (jq prints an empty string, not "null", when there are none)
    subnets=$(aws ec2 --region "${region}" \
        describe-subnets --filters Name=vpc-id,Values="${vpc}" \
        | jq -r .Subnets[].SubnetId)
    if [ -n "${subnets}" ]; then
        for subnet in ${subnets}; do
            echo "Deleting subnet ${subnet}"
            aws ec2 --region "${region}" \
                delete-subnet --subnet-id "${subnet}"
        done
    fi

    # https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-vpc.html
    # - You can't delete the main route table
    # - You can't delete the default network acl
    # - You can't delete the default security group
    # delete default vpc
    echo "Deleting vpc ${vpc}"
    aws ec2 --region "${region}" \
        delete-vpc --vpc-id "${vpc}"
done
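Before running a destructive script like the one above, it helps to dry-run it. The following is an added example (not part of the original post) that takes the JSON shapes returned by describe-vpcs, describe-internet-gateways, describe-subnets and describe-network-interfaces and produces the ordered commands the script would issue, refusing when the default VPC still holds network interfaces (delete-vpc would fail, and an ENI means something is using it). The sample data and IDs are constructed for this example.

```python
# Constructed sample responses in the shape the AWS CLI returns for
# describe-vpcs / describe-internet-gateways / describe-subnets /
# describe-network-interfaces. All IDs are made up for this example.
SAMPLE_REGION = {
    "Vpcs": [{"VpcId": "vpc-0default000", "IsDefault": True},
             {"VpcId": "vpc-0custom0001", "IsDefault": False}],
    "InternetGateways": [
        {"InternetGatewayId": "igw-0aaa", "Attachments": [{"VpcId": "vpc-0default000"}]},
        {"InternetGatewayId": "igw-0bbb", "Attachments": [{"VpcId": "vpc-0custom0001"}]}],
    "Subnets": [{"SubnetId": "subnet-0a", "VpcId": "vpc-0default000"},
                {"SubnetId": "subnet-0b", "VpcId": "vpc-0default000"},
                {"SubnetId": "subnet-0c", "VpcId": "vpc-0custom0001"}],
    # An ENI in the custom VPC only; the default VPC is empty and safe to remove.
    "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0x", "VpcId": "vpc-0custom0001"}],
}


def plan_default_vpc_removal(region, data):
    """Return (commands, reason): the ordered CLI commands needed to remove the
    default VPC in `region`, or an empty list plus the reason nothing is done."""
    defaults = [v["VpcId"] for v in data.get("Vpcs", []) if v.get("IsDefault")]
    if not defaults:
        return [], "no default vpc"
    vpc = defaults[0]  # a region has at most one default VPC
    enis = [e["NetworkInterfaceId"] for e in data.get("NetworkInterfaces", [])
            if e.get("VpcId") == vpc]
    if enis:
        return [], f"{vpc} still has network interfaces: {', '.join(enis)}"
    base = f"aws ec2 --region {region}"
    cmds = []
    # Order matters: a gateway must be detached before it can be deleted, and
    # gateway and subnets must be gone before delete-vpc succeeds.
    for igw in data.get("InternetGateways", []):
        if any(a.get("VpcId") == vpc for a in igw.get("Attachments", [])):
            gid = igw["InternetGatewayId"]
            cmds.append(f"{base} detach-internet-gateway --internet-gateway-id {gid} --vpc-id {vpc}")
            cmds.append(f"{base} delete-internet-gateway --internet-gateway-id {gid}")
    for sn in data.get("Subnets", []):
        if sn.get("VpcId") == vpc:
            cmds.append(f"{base} delete-subnet --subnet-id {sn['SubnetId']}")
    cmds.append(f"{base} delete-vpc --vpc-id {vpc}")
    return cmds, "ok"


if __name__ == "__main__":
    for cmd in plan_default_vpc_removal("eu-west-1", SAMPLE_REGION)[0]:
        print(cmd)
```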
So far I have not found a reason to restore the default VPC, but in case you need it:
aws ec2 --region ${region} create-default-vpc
You cannot have more than one default VPC per region.