This article is a machine translation of the contents of the following URL, which I wrote in Japanese:
Introduction
Hello, I’m @H0ukiStar.
When you create an AWS account, a VPC called the default VPC is automatically created in each region.
This default VPC consists only of public subnets, and the default subnets are configured to automatically assign public IP addresses when launching EC2 instances. When launching an EC2 instance from the AWS Management Console, this default VPC is also selected by default, which can lead to resources being created with unintended network configurations depending on your environment.
For this reason, if the default VPC is not needed in your organization’s network design, some teams choose to delete it in advance as part of their operational baseline.
In this article, I’ll introduce a CLI tool I created to delete default VPCs across all available regions in an AWS account.
CLI Tool for Deleting Default VPCs: aws-default-vpc-cleaner
The tool is available in the following repository:
H0ukiStar / aws-default-vpc-cleaner
A tool to delete default VPCs and related resources across all AWS regions.
AWS Default VPC Cleaner
Features
- Multi-Region Support: Delete default VPCs across all AWS regions or specific regions
- Dry Run Mode: List resources without deleting them
- Safe Deletion: Deletes resources in the correct order to avoid dependency issues
- Multi-Language: Supports English and Japanese output
- Verbose Mode: Detailed logging of operations
Deleted Resources
The tool deletes the following resources in order:
- Internet Gateways (detached then deleted)
- Subnets
- Route Tables (excluding main route table)
- Security Groups (excluding default security group)
- Network ACLs (excluding default ACL)
- VPC
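The deletion order and exclusions listed above, written out as a planning function. This is an added example, not the tool's source code: it assumes the inventory comes from the EC2 describe calls in boto3 response shape, and the function name, the `enis` check and the sample IDs are constructed for illustration.

```python
def plan_default_vpc_deletion(vpc_id, igws, subnets, route_tables,
                              security_groups, nacls, enis=()):
    """Return (steps, blockers); each step is (EC2 client method name, kwargs)."""
    # A subnet that still holds network interfaces cannot be deleted, so a
    # VPC with ENIs is reported as in use and nothing is planned for it.
    blockers = [e["NetworkInterfaceId"] for e in enis]
    if blockers:
        return [], blockers
    steps = []
    for igw in igws:  # internet gateways: detach first, then delete
        igw_id = igw["InternetGatewayId"]
        steps.append(("detach_internet_gateway",
                      {"InternetGatewayId": igw_id, "VpcId": vpc_id}))
        steps.append(("delete_internet_gateway", {"InternetGatewayId": igw_id}))
    for subnet in subnets:
        steps.append(("delete_subnet", {"SubnetId": subnet["SubnetId"]}))
    for rt in route_tables:  # the main route table goes away with the VPC
        if not any(a.get("Main") for a in rt.get("Associations", [])):
            steps.append(("delete_route_table", {"RouteTableId": rt["RouteTableId"]}))
    for sg in security_groups:  # the group named "default" cannot be deleted directly
        if sg["GroupName"] != "default":
            steps.append(("delete_security_group", {"GroupId": sg["GroupId"]}))
    for acl in nacls:  # the default network ACL goes away with the VPC
        if not acl["IsDefault"]:
            steps.append(("delete_network_acl", {"NetworkAclId": acl["NetworkAclId"]}))
    steps.append(("delete_vpc", {"VpcId": vpc_id}))
    return steps, []

# Constructed inventory in the shape of boto3 describe_* results (placeholder IDs).
SAMPLE = dict(
    vpc_id="vpc-0example",
    igws=[{"InternetGatewayId": "igw-0example"}],
    subnets=[{"SubnetId": "subnet-0a"}, {"SubnetId": "subnet-0b"}],
    route_tables=[{"RouteTableId": "rtb-main", "Associations": [{"Main": True}]},
                  {"RouteTableId": "rtb-extra", "Associations": []}],
    security_groups=[{"GroupId": "sg-default", "GroupName": "default"},
                     {"GroupId": "sg-extra", "GroupName": "web"}],
    nacls=[{"NetworkAclId": "acl-default", "IsDefault": True}],
)

if __name__ == "__main__":
    for method, kwargs in plan_default_vpc_deletion(**SAMPLE)[0]:
        print(method, kwargs)
```

Each step names a boto3 EC2 client method, so a plan can be reviewed or logged before anything is called.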
Installation
Prerequisites
- Python 3.10 or higher /…
Installing the Tool
Build artifacts for both Linux and Windows are available in the Releases section.
Below is an installation example on CloudShell (Amazon Linux 2023).
$ wget https://github.com/H0ukiStar/aws-default-vpc-cleaner/releases/download/v1.0.0/aws-default-vpc-cleaner-v1.0.0-linux-x64
~omitted~
2026-05-21 14:35:22 (29.2 MB/s) - ‘aws-default-vpc-cleaner-v1.0.0-linux-x64’ saved [34495320/34495320]
$ chmod +x aws-default-vpc-cleaner-v1.0.0-linux-x64
$
$ ./aws-default-vpc-cleaner-v1.0.0-linux-x64 --help
usage: aws-default-vpc-cleaner [-h] [--regions REGION [REGION ...]] [--dry-run] [--yes] [--lang {en,ja}] [--verbose] [--version]
Delete default VPCs and related resources across AWS regions
options:
-h, --help show this help message and exit
--regions REGION [REGION ...]
Specify target regions (default: all regions)
--dry-run List resources without deleting them
--yes, -y Skip confirmation prompts
--lang {en,ja} Language for output (en/ja)
--verbose, -v Enable verbose output
--version show program's version number and exit
Examples / 使用例:
# Delete default VPCs in all regions (with confirmation)
# 全リージョンのデフォルトVPCを削除 (確認あり)
aws-default-vpc-cleaner
# Delete default VPCs in specific regions
# 特定リージョンのデフォルトVPCを削除
aws-default-vpc-cleaner --regions us-east-1 us-west-2
# List default VPCs without deleting (dry-run)
# 削除せずにデフォルトVPCをリストアップ (ドライラン)
aws-default-vpc-cleaner --dry-run
# Delete without confirmation
# 確認なしで削除
aws-default-vpc-cleaner --yes
# Use Japanese language output
# 日本語出力を使用
aws-default-vpc-cleaner --lang ja
# Verbose output
# 詳細出力
aws-default-vpc-cleaner --verbose
Deleting Default VPCs with the Tool
Before deleting default VPCs, it’s a good idea to first use the --dry-run option to check what resources will be affected.
As shown below, the tool lists default VPCs in all available regions, along with related resources such as internet gateways and subnets.
$ ./aws-default-vpc-cleaner-v1.0.0-linux-x64 --dry-run
Starting AWS Default VPC Cleaner...
DRY RUN MODE - No resources will be deleted
Fetching available regions...
Found 17 regions
Default VPC found: vpc-0dfe2040fc98de87c
Default VPC found: vpc-0088a011ef4fd1a43
~omitted~
Processing region: ap-south-1
Would delete InternetGateway: igw-0d46d61ebaff6cb2d
Would delete Subnet: subnet-0c5d458b14c891426
Would delete Subnet: subnet-0f875743062c40fd8
Would delete Subnet: subnet-07a484491ecaaf387
Would delete VPC: vpc-0dfe2040fc98de87c
Region ap-south-1 completed
~omitted~
=== Summary ===
Regions processed: 17
VPCs deleted: 0
Resources deleted: 0
Errors: 0
Operation completed successfully
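One way to review a saved dry-run listing before the real run, as an added example that is not part of the tool: it parses the "Processing region" and "Would delete" lines shown above and flags any region that lists more than the internet gateway, subnets and VPC seen for an untouched default VPC. The function names are hypothetical, the second sample region is constructed, and its "SecurityGroup" label is an assumed spelling.

```python
import re
from collections import defaultdict

# Types the dry run on this page lists for an untouched default VPC.
BASELINE_TYPES = {"InternetGateway", "Subnet", "VPC"}
REGION_RE = re.compile(r"^Processing region: (\S+)$")
WOULD_RE = re.compile(r"^Would delete (\w+): (\S+)$")

# First region: lines from the output above. Second region: constructed;
# the "SecurityGroup" label is an assumed spelling, not confirmed tool output.
SAMPLE = """\
Processing region: ap-south-1
Would delete InternetGateway: igw-0d46d61ebaff6cb2d
Would delete Subnet: subnet-0c5d458b14c891426
Would delete Subnet: subnet-0f875743062c40fd8
Would delete Subnet: subnet-07a484491ecaaf387
Would delete VPC: vpc-0dfe2040fc98de87c
Region ap-south-1 completed
Processing region: eu-west-1
Would delete InternetGateway: igw-0aaaaaaaaaaaaaaaa
Would delete Subnet: subnet-0bbbbbbbbbbbbbbbb
Would delete SecurityGroup: sg-0cccccccccccccccc
Would delete VPC: vpc-0dddddddddddddddd
Region eu-west-1 completed
"""

def review_dry_run(text):
    """Return {region: [reasons]}; an empty list means only baseline resources."""
    planned, region = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := REGION_RE.match(line):
            region = m.group(1)
        elif (m := WOULD_RE.match(line)) and region is not None:
            planned[region].append(m.group(1))
    findings = {}
    for region, types in planned.items():
        reasons = []
        extra = sorted(set(types) - BASELINE_TYPES)
        if extra:  # someone added resources to this default VPC
            reasons.append("non-baseline resources: " + ", ".join(extra))
        if types.count("VPC") != 1:
            reasons.append(f"expected 1 VPC, saw {types.count('VPC')}")
        findings[region] = reasons
    return findings

def clean_regions(findings):
    """Regions whose listing matched the baseline, usable as --regions arguments."""
    return sorted(r for r, reasons in findings.items() if not reasons)
```

A region with no findings only means no extra VPC-level resources were listed; the output shown on this page does not include instances or network interfaces, so check those separately.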
If the resources look correct, you can run the tool without --dry-run to actually delete them.
$ ./aws-default-vpc-cleaner-v1.0.0-linux-x64 --yes
Starting AWS Default VPC Cleaner...
Fetching available regions...
Found 17 regions
Default VPC found: vpc-0dfe2040fc98de87c
Default VPC found: vpc-0088a011ef4fd1a43
~omitted~
Processing region: ap-south-1
Deleted InternetGateway: igw-0d46d61ebaff6cb2d
Deleted Subnet: subnet-0c5d458b14c891426
Deleted Subnet: subnet-0f875743062c40fd8
Deleted Subnet: subnet-07a484491ecaaf387
Deleting VPC: vpc-0dfe2040fc98de87c
VPC deleted successfully: vpc-0dfe2040fc98de87c
Region ap-south-1 completed
~omitted~
=== Summary ===
Regions processed: 17
VPCs deleted: 17
Resources deleted: 89
Errors: 0
Operation completed successfully
Available Options
--dry-run
As shown in the example above, this option lists the default VPCs and related resources that would be deleted, but does not actually delete anything.
Instead of deleting resources immediately, it is recommended to review the list first and confirm that the targets are correct.
--yes
If --yes is not specified, the tool prompts for confirmation before deleting resources.
If --yes is specified, deletion proceeds without confirmation.
--regions REGION [REGION ...]
Specifies which regions to target for deleting default VPCs.
If not specified, the tool runs against all available regions.
--lang {en,ja}
Specifies the language used for the tool’s output.
--verbose
Enables verbose output during execution.
Conclusion
Default VPCs are a convenient feature automatically created when an AWS account is provisioned, but depending on your environment, they may not always be necessary. When multiple regions are involved, deleting them manually can also become tedious.
I created aws-default-vpc-cleaner as a CLI tool to make it easier to review and remove default VPCs across all available regions in one go.
I hope this tool and article are helpful for anyone facing the same challenge.