The Dreaded ‘Resource Has A Dependent Object’ Error

If you spend a moderate amount of time creating and modifying AWS security groups, you will inevitably encounter the “Error deleting security group sg-12345678: resource sg-12345678 has a dependent object” error message.
AWS Security Group Dependent Object Error
Trying to find the security group that includes the group you want to delete can be an exercise in futility in the console. Instead, I make use of the CLI. I dumped all of my security groups into a text file:

aws ec2 describe-security-groups > securitygroups.txt

From there, I opened the securitygroups.txt file in vim and searched for sg-12345678. One entry is for the security group itself and all other matches are for security groups that include the group I want to delete.

It’s also possible that the group is attached to a network interface. I found the solution for this situation here.

  • Nayeem Syed

    this is great! thanks!

  • DanielKM

    Here’s a tip if this yields nothing: Check your network interfaces, and in particular you ELBs. My problem was that I’d mistakenly added a couple of extra SGs to my load balancer.

  • Jeff Kilbride

    Not sure if this was available in the aws cli when you wrote this, but there’s an easier way to find dependencies:

    aws ec2 describe-security-groups –filters Name=ip-permission.group-id,Values=sg-12345678

    It’s similar for network interfaces:

    aws ec2 describe-network-interfaces –filters Name=group-id,Values=sg-12345678

    You can search for multiple group-ids using a comma separated list.