AWS relationship between Availability Zones and Security Groups

amazon-ec2 amazon-vpc amazon-web-services

I created a Security Group within the availability zone of Frankfurt and I used it for an EC2 instance in Frankfurt AZ as well.

I terminated the EC2 instance, then tried to delete this Security Group. I couldn't, and the error message said that it's impossible to delete this security group as it is attached to two network interfaces.

I then tried to detach the related network interface, and the error message said that I don't have the permission, although I'm logged in as a superuser.

In the details of the interface, the status of the interface is "used".

I changed the availability zone to London and noticed that this Security Group doesn't exist.

Questions:
1. Why can't I delete this security group, knowing that I don't have any used resources in EC2 except the default and the security group, no database, only one VPC that I can't delete?
2. How come this security group does not exist in the London availability zone?
3. How do I "clean out" the resources from unused policy groups?
Thank you.

Best Answer

The first thing to say is that you are mixing up Availability Zones and Regions. Frankfurt is a region, London is a region, and each region has two or more availability zones. The link below explains the difference between Regions and Availability Zones:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

When you create a Security Group you link it to a VPC. The VPC will have one or more subnets, and these subnets are created in an Availability Zone in the same AWS Region as the VPC. The Security Group will not be visible in any other AWS Region apart from the region it is created in. The security group can then be used by any EC2 instance in the same VPC as the Security Group.

If you delete resources like an EC2 instance, it takes time for them to be removed by AWS. Once it has disappeared from the console, and as long as no other resource is using the Security Group, you will be able to delete it.

Hope this helps.
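To see what is still using a security group before deleting it, this added example (not part of the original answer) lists the network interfaces in one Region that reference the group and flags requester-managed ones, which AWS services create on the account's behalf and which cannot be detached by hand. The sample response and all IDs are constructed, and `blockers` and `fetch` are hypothetical helper names.

```python
import json

# Constructed sample shaped like an EC2 DescribeNetworkInterfaces response (IDs are made up).
SAMPLE = json.loads("""
{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0aaa1111", "Status": "in-use", "RequesterManaged": true,
  "AvailabilityZone": "eu-central-1a", "Description": "ELB example-lb",
  "Groups": [{"GroupId": "sg-0example"}], "Attachment": {"Status": "attached"}},
 {"NetworkInterfaceId": "eni-0bbb2222", "Status": "available", "RequesterManaged": false,
  "AvailabilityZone": "eu-central-1b", "Description": "left over",
  "Groups": [{"GroupId": "sg-0example"}]},
 {"NetworkInterfaceId": "eni-0ccc3333", "Status": "in-use", "RequesterManaged": false,
  "AvailabilityZone": "eu-central-1a", "Description": "",
  "Groups": [{"GroupId": "sg-0other"}],
  "Attachment": {"InstanceId": "i-0example", "Status": "attached"}}
]}
""")

def blockers(response, sg_id):
    """Return one record per network interface that still references sg_id."""
    found = []
    for eni in response.get("NetworkInterfaces", []):
        if sg_id not in {g["GroupId"] for g in eni.get("Groups", [])}:
            continue
        attachment = eni.get("Attachment") or {}
        if eni.get("RequesterManaged"):
            # Created by an AWS service on the account's behalf; a manual detach is refused.
            action = "delete the AWS service resource that owns this interface"
        elif attachment.get("InstanceId"):
            action = "wait for the instance to terminate or assign it another group"
        elif eni.get("Status") == "available":
            action = "delete the unattached interface"
        else:
            action = "detach the interface, then delete it"
        found.append({"eni": eni["NetworkInterfaceId"], "az": eni.get("AvailabilityZone"),
                      "managed": bool(eni.get("RequesterManaged")), "action": action})
    return found

def fetch(region, sg_id):
    """Live lookup; assumes boto3 and credentials. The query is per Region, like the group."""
    import boto3
    pager = boto3.client("ec2", region_name=region).get_paginator("describe_network_interfaces")
    pages = pager.paginate(Filters=[{"Name": "group-id", "Values": [sg_id]}])
    return {"NetworkInterfaces": [e for p in pages for e in p["NetworkInterfaces"]]}

if __name__ == "__main__":
    for row in blockers(SAMPLE, "sg-0example"):
        print(row)
```

The two interfaces reported for `sg-0example` sit in different Availability Zones of the same Region, which matches the answer's point that a security group is scoped to a VPC and its Region, not to a single zone.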