QuickSight: Fixing VPC Connection Deletion Failed Issues

By khoanc, at: March 17, 2025, 10:17 p.m.

Estimated Reading Time: __READING_TIME__ minutes

QuickSight: Fixing VPC Connection Deletion Failed Issues
QuickSight: Fixing VPC Connection Deletion Failed Issues

When working with AWS QuickSight, you may need to delete a VPC connection to set up a new one. However, this process isn't always smooth. Common issues like "VPC Connection is in use" or orphaned datasets preventing deletion can usually be resolved with AWS CLI commands.

 

But there’s one particularly frustrating issue that can waste hours because QuickSight doesn’t provide a clear error message:
 

  • When deleting the VPC connection, QuickSight shows a success message, and the status changes to UNAVAILABLE.
     
  • Running the delete command via AWS CLI returns DELETION_IN_PROGRESS.
     
  • However, after a few minutes, the VPC connection is still there, unchanged.
     
  • Checking the VPC connection details reveals that network interfaces failed to delete (DELETION_FAILED).
  • You can delete related VPC's network interfaces because they are managed by QuickSight

   

The Real Issue: IAM Role Permissions

The root cause is insufficient IAM permissions for the role that QuickSight is using. To check which IAM role is in use (admin access required):
Manage QuickSight → Security & Permissions → IAM Role in Use
 

  • If you’re using the default QuickSight role, it’s likely aws-quicksight-service-role-v0 or aws-quicksight-s3-consumers-role-v0.
     
  • If you’re using a custom IAM role, it may be missing critical permissions, such as:
     
    • "ec2:CreateNetworkInterface"
    • "ec2:ModifyNetworkInterfaceAttribute"
    • "ec2:DeleteNetworkInterface"
    • "ec2:DescribeSubnets"
    • "ec2:DescribeSecurityGroups"
       

How to fix?

 

  • The fastest solution (not recommended for production, but effective) is to temporarily assign AmazonEC2FullAccess permission to the role that being used by QuickSight and try deleting the connection again.
     
  • A more secure approach is to manually add only the missing permissions and retry the deletion.

 

Preventing This Issue in the Future


This permission issue can also occur when creating a VPC connection, especially if you use a custom IAM role instead of the default QuickSight role. To avoid long debugging sessions, always check IAM permissions first when encountering errors.

By understanding this hidden pitfall, you can save hours of troubleshooting and manage QuickSight VPC connections more efficiently! 

REF: https://repost.aws/knowledge-center/quicksight-permission-errors

Tag list:
- QuickSight
- AWS VPC connection
- QuickSight VPC connection stuck
- AWS QuickSight troubleshooting
- AWS QuickSight permissions error
- QuickSight network interface deletion failed
- AWS QuickSight network interface issue
- AWS
- Delete VPC connection QuickSight
- Fix QuickSight VPC deletion
- AWS QuickSight VPC connection issue
- QuickSight IAM role permissions
- QuickSight VPC deletion failed

Subscribe

Subscribe to our newsletter and never miss out lastest news.