EC2VPCEndpointConnection deletion fails with "The VpcEndpointService Id '<ID> does not exist"

[byted]

Using aws-nuke version v2.25.0.30.g517cd1b (through rebuy/aws-nuke:latest docker image) we saw our nuke run fail due a EC2VPCEndpointConnection unable to be removed b/c it was already removed.

It would be nice to recognize the errors of this type and mark the resource are removed instead of failing.

Thanks for your work so far!

Log excerpt:

2024-08-24T03:12:35.2780314Z time="2024-08-24T03:12:35Z" level=error msg="InvalidVpcEndpointServiceId.NotFound: The VpcEndpointService Id 'vpce-svc-02223bfafd545c0e3' does not exist\n\tstatus code: 400, request id: 67418625-242f-43c7-9306-87f85fdcf397"

2024-08-24T03:12:35.2793444Z Error: failed
2024-08-24T03:12:35.2793707Z 

2024-08-24T03:12:35.2813564Z us-east-1 - EC2VPCEndpointConnection - vpce-svc-02223bfafd545c0e3 - [Owner: "<OWNER-ID>", State: "rejected", VpcEndpointID: "vpce-02ea55341660c0804"] - failed

[ekristen]

Did aws-nuke actually fail and exit non-zero or just log the error/warn.

[byted]

It actually error'd and exited with 255. My guess is that the API to list EC2VPCEndpointConnection resources returns data that is already marked as deleted

Here's an example run only targeting the EC2VPCEndpointConnection:

> aws-nuke -c ./housekeeping/nuke-config.yml --force  --no-dry-run > filter-test.logs 2>&1
> echo $?
255

with the logs being

aws-nuke version 2.25.0 - 2023-08-31 - 2bd22d5e5c0cf6a4011b3c08a5b1c25e2e6c75bd

Do you really want to nuke the account with the ID <ACCOUNT ID> and the alias '<ALIAS>'?
Waiting 15s before continuing.
us-east-1 - EC2VPCEndpointConnection - vpce-svc-02223bfafd545c0e3 - [Owner: "<ACCOUNT ID>", State: "rejected", VpcEndpointID: "vpce-02ea55341660c0804"] - would remove
[... 5 more ]

Scan complete: 6 total, 6 nukeable, 0 filtered.

Do you really want to nuke these resources on the account with the ID <ACCOUNT ID> and the alias '<ALIAS>'?
Waiting 15s before continuing.
us-east-1 - EC2VPCEndpointConnection - vpce-svc-02223bfafd545c0e3 - [Owner: "<ACCOUNT ID>", State: "rejected", VpcEndpointID: "vpce-02ea55341660c0804"] - failed
[... 5 more ]

Removal requested: 0 waiting, 6 failed, 0 skipped, 0 finished

us-east-1 - EC2VPCEndpointConnection - vpce-svc-02223bfafd545c0e3 - [Owner: "<ACCOUNT ID>", State: "rejected", VpcEndpointID: "vpce-02ea55341660c0804"] - failed
[... 5 more ]

Removal requested: 0 waiting, 6 failed, 0 skipped, 0 finished

us-east-1 - EC2VPCEndpointConnection - vpce-svc-02223bfafd545c0e3 - [Owner: "<ACCOUNT ID>", State: "rejected", VpcEndpointID: "vpce-02ea55341660c0804"] - failed
[... 5 more ]

Removal requested: 0 waiting, 6 failed, 0 skipped, 0 finished

time="2024-09-02T16:55:48-07:00" level=error msg="There are resources in failed state, but none are ready for deletion, anymore."

us-east-1 - EC2VPCEndpointConnection - vpce-svc-02223bfafd545c0e3 - [Owner: "<ACCOUNT ID>", State: "rejected", VpcEndpointID: "vpce-02ea55341660c0804"] - failed
time="2024-09-02T16:55:48-07:00" level=error msg="InvalidVpcEndpointServiceId.NotFound: The VpcEndpointService Id 'vpce-svc-02223bfafd545c0e3' does not exist\n\tstatus code: 400, request id: 72ee5b48-cd32-4316-b183-a55265b21273"
[... 5 more ]
Error: failed

[ekristen]

Nice. This is helpful. It looks like the API is still returning the resource in state rejected and it looks like it's not eligible for deletion in that state.

I manage a fork of over at ekristen/aws-nuke -- I'll reference this issue once I have it fixed.

[ekristen]

@byted this has been implemented via ekristen/aws-nuke#271 and originally tracked via ekristen/aws-nuke#272

This project has now been deprecated in favor of this fork, which has been linked to from the main readme. Sven kindly granted me access to directly answer and close pull requests and issues so that we can notify users if their issues have been addressed or not. Please see the welcome issue for more information.