ACCT.09 Delete unused VPCs, subnets, and security groups - AWS Prescriptive Guidance

To reduce the opportunity for security issues, delete resources that are not being used. In a new AWS account, a virtual private cloud (VPC) is created automatically by default in every AWS Region, and its public subnets allow public IP addresses to be assigned to resources launched there. If these VPCs are not needed, they introduce a risk of unintended exposure of resources.

If they are not in use, delete the default VPCs in each Region, including Regions where you do not plan to deploy workloads. Before you can delete a VPC, you must first delete its dependent resources in the order of their dependencies. For example, delete Amazon Elastic Compute Cloud (Amazon EC2) instances before their subnets, and delete NAT gateways and internet gateways before the VPC. Subnets and security groups are deleted when the VPC is deleted. Attempting to delete a resource that has dependent resources will result in an error.

Note

You can view your Regions and VPCs on the Amazon EC2 Global View console. For more information, see List and filter resources across Regions using Amazon EC2 Global View in the Amazon EC2 documentation.

To delete a default VPC and its associated resources

  1. See Delete your VPC in the Amazon Virtual Private Cloud (Amazon VPC) documentation.

  2. Repeat this process for each Region where default VPCs exist.
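The procedure above, carried out with the AWS SDK instead of the console, as an added example that is not AWS's own code. It assumes boto3 is installed and that credentials with EC2 permissions are configured. For every enabled Region it finds the default VPC, skips any that still carry instances or NAT gateways (those are "in use"), and otherwise removes the dependent resources in the order the guidance describes before deleting the VPC. Subnets and non-default security groups are deleted explicitly rather than relying on the console's cascade, which the DeleteVpc API call does not perform for you. Nothing is deleted unless the script is run with `--apply`; the inventory and deletion-order helpers carry no AWS dependency so the plan can be inspected offline.

```python
"""Added example (not AWS's own code): find default VPCs in every enabled Region,
skip any that still carry workloads, and delete the rest in dependency order.
Assumes boto3 is installed and AWS credentials with EC2 permissions are configured.
"""
from __future__ import annotations

import time
from typing import Any

# Dependency order from the guidance: instances and NAT gateways before subnets,
# the internet gateway detached and deleted before the VPC itself. Non-default
# security groups are removed explicitly because the DeleteVpc API call, unlike
# the console, does not cascade for the caller.
DELETE_ORDER = ("instance", "nat_gateway", "internet_gateway", "subnet", "security_group", "vpc")


def inventory_default_vpc(ec2: Any) -> dict[str, Any] | None:
    """Return the default VPC and its dependent resources in one Region, or None."""
    vpcs = ec2.describe_vpcs(Filters=[{"Name": "is-default", "Values": ["true"]}])["Vpcs"]
    if not vpcs:
        return None
    vpc_id = vpcs[0]["VpcId"]
    by_vpc = [{"Name": "vpc-id", "Values": [vpc_id]}]
    reservations = ec2.describe_instances(Filters=by_vpc)["Reservations"]
    return {
        "vpc": [vpc_id],
        "instance": [i["InstanceId"] for r in reservations for i in r["Instances"]
                     if i["State"]["Name"] != "terminated"],
        "nat_gateway": [n["NatGatewayId"] for n in ec2.describe_nat_gateways(Filters=by_vpc)["NatGateways"]
                        if n["State"] not in ("deleted", "deleting")],
        "internet_gateway": [g["InternetGatewayId"] for g in ec2.describe_internet_gateways(
            Filters=[{"Name": "attachment.vpc-id", "Values": [vpc_id]}])["InternetGateways"]],
        "subnet": [s["SubnetId"] for s in ec2.describe_subnets(Filters=by_vpc)["Subnets"]],
        "security_group": [g["GroupId"] for g in ec2.describe_security_groups(Filters=by_vpc)["SecurityGroups"]
                           if g["GroupName"] != "default"],
    }


def is_in_use(inv: dict[str, Any]) -> bool:
    """A default VPC with live instances or NAT gateways is carrying a workload; leave it alone."""
    return bool(inv["instance"] or inv["nat_gateway"])


def plan_deletion(inv: dict[str, Any]) -> list[tuple[str, str]]:
    """Flatten the inventory into (resource_type, id) steps in dependency order."""
    return [(kind, rid) for kind in DELETE_ORDER for rid in inv.get(kind, [])]


def execute_plan(ec2: Any, plan: list[tuple[str, str]], vpc_id: str, apply: bool = False) -> int:
    """Run the plan. With apply=False (the default) only print it. Returns the number of steps."""
    for kind, rid in plan:
        print(f"{'DELETE' if apply else 'WOULD DELETE'} {kind} {rid}")
        if not apply:
            continue
        if kind == "instance":
            ec2.terminate_instances(InstanceIds=[rid])
            ec2.get_waiter("instance_terminated").wait(InstanceIds=[rid])
        elif kind == "nat_gateway":
            ec2.delete_nat_gateway(NatGatewayId=rid)
            # NAT gateway deletion is asynchronous; poll until it no longer blocks the VPC.
            while ec2.describe_nat_gateways(NatGatewayIds=[rid])["NatGateways"][0]["State"] != "deleted":
                time.sleep(10)
        elif kind == "internet_gateway":
            ec2.detach_internet_gateway(InternetGatewayId=rid, VpcId=vpc_id)
            ec2.delete_internet_gateway(InternetGatewayId=rid)
        elif kind == "subnet":
            ec2.delete_subnet(SubnetId=rid)
        elif kind == "security_group":
            ec2.delete_security_group(GroupId=rid)
        elif kind == "vpc":
            ec2.delete_vpc(VpcId=rid)
    return len(plan)


def main(apply: bool = False) -> None:
    import boto3  # imported here so the planning helpers above stay importable without boto3

    regions = [r["RegionName"] for r in boto3.client("ec2").describe_regions()["Regions"]]
    for region in regions:  # covers Regions where no workloads are planned as well
        ec2 = boto3.client("ec2", region_name=region)
        inv = inventory_default_vpc(ec2)
        if inv is None:
            print(f"{region}: no default VPC")
            continue
        if is_in_use(inv):
            print(f"{region}: default VPC {inv['vpc'][0]} has workloads, skipping")
            continue
        execute_plan(ec2, plan_deletion(inv), inv["vpc"][0], apply=apply)


if __name__ == "__main__":
    import sys
    main(apply="--apply" in sys.argv)
```

Run it once without `--apply` to review the per-Region plan, then with `--apply` to delete. A Region whose default VPC still has instances or NAT gateways is reported and left untouched, so the script never removes a VPC that is in use.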