Installation method
Own AWS account
What happened?
Summary :
- The de-installation script running in the IDE does not have IAM permissions to deactivate termination protection for three CloudFormation stacks:
eksctl-eks-workshop-nodegroup-defaulteksctl-eks-workshop-addon-vpc-cnieksctl-eks-workshop-cluster.
- After removing manually (AWS Console, CloudFormation service) the termination protection for the three stacks, the de-installation script runs smoothly:
ec2-user:~/environment:$ eksctl delete cluster $EKS_CLUSTER_NAME --wait
2026-05-29 17:40:56 [ℹ] deleting EKS cluster "eks-workshop"
2026-05-29 17:40:56 [ℹ] deleted 0 Fargate profile(s)
2026-05-29 17:40:57 [ℹ] cleaning up AWS load balancers created by Kubernetes objects of Kind Service or Ingress
2026-05-29 17:40:57 [ℹ] 1 task: { delete cluster control plane "eks-workshop" }
2026-05-29 17:40:57 [ℹ] will delete stack "eksctl-eks-workshop-cluster"
2026-05-29 17:40:57 [ℹ] waiting for stack "eksctl-eks-workshop-cluster" to get deleted
2026-05-29 17:40:57 [ℹ] waiting for CloudFormation stack "eksctl-eks-workshop-cluster"
2026-05-29 17:41:27 [ℹ] waiting for CloudFormation stack "eksctl-eks-workshop-cluster"
2026-05-29 17:42:09 [ℹ] waiting for CloudFormation stack "eksctl-eks-workshop-cluster"
2026-05-29 17:44:07 [ℹ] waiting for CloudFormation stack "eksctl-eks-workshop-cluster"
2026-05-29 17:44:07 [✔] all cluster resources were deleted
More details
ec2-user:~/environment:$ eksctl delete cluster $EKS_CLUSTER_NAME --wait
2026-05-29 17:16:11 [ℹ] deleting EKS cluster "eks-workshop"
2026-05-29 17:16:11 [ℹ] will drain 0 unmanaged nodegroup(s) in cluster "eks-workshop"
2026-05-29 17:16:11 [ℹ] starting parallel draining, max in-flight of 1
2026-05-29 17:16:11 [ℹ] deleted 0 Fargate profile(s)
2026-05-29 17:16:11 [ℹ] cleaning up AWS load balancers created by Kubernetes objects of Kind Service or Ingress
2026-05-29 17:16:12 [ℹ]
4 sequential tasks: { delete nodegroup "default", delete IAM OIDC provider, delete addon IAM "eksctl-eks-workshop-addon-vpc-cni", delete cluster control plane "eks-workshop"
}
2026-05-29 17:16:12 [ℹ] 1 error(s) occurred while deleting cluster with nodegroup(s)
2026-05-29 17:16:12 [✖] disabling termination protection on stack "eksctl-eks-workshop-nodegroup-default": operation error CloudFormation: UpdateTerminationProtection, https response error StatusCode: 403, RequestID: bae116de-f2a1-41fc-be81-a4e051eecc68, api error AccessDenied: User: arn:aws:sts::659916668326:assumed-role/eks-workshop-ide-EksWorkshopIdeRole-3z6cj7u4F6br/i-0d7454adf4e0de595 is not authorized to perform: cloudformation:UpdateTerminationProtection on resource: arn:aws:cloudformation:eu-west-1:659916668326:stack/eksctl-eks-workshop-nodegroup-default/9cd4b2c0-5a73-11f1-9eb6-0a5f3c0af2cd because no identity-based policy allows the cloudformation:UpdateTerminationProtection action
Error: failed to delete cluster with nodegroup(s)
Once I deactivated termination protection for CFN stack eksctl-eks-workshop-nodegroup-default and retried the deletion, a similar error popped up for stack eksctl-eks-workshop-addon-vpc-cni.
Repeated the workaround and retried the deletion. This time the same error for stack eksctl-eks-workshop-cluster - did the same. after this the de-installation script ran smoothly.
What did you expect to happen?
Deletion of cluster and related resources with CloudFormation called by eksctl
How can we reproduce it?
Follow instructions from: https://www.eksworkshop.com/docs/introduction/setup/your-account/cleanup
Anything else we need to know?
- Note: running in eu-west-1 region, not one of the officially supported regions.
- Workaround:
- in the AWS Console, navigate to CloudFormation
- search for stack
eksctl-eks-workshop-nodegroup-default (or other stack that produces the same error)
- under
actions dropdown, select Edit Termination Protection
- deactivate termination protection
- then, in the IDE, repeat the eksctl command to delete.
EKS version
1.33
Installation method
Own AWS account
What happened?
Summary :
eksctl-eks-workshop-nodegroup-defaulteksctl-eks-workshop-addon-vpc-cnieksctl-eks-workshop-cluster.More details
Note: running in eu-west-1 region, not one of the officially supported regions.
Followed clean up instructions from: https://www.eksworkshop.com/docs/introduction/setup/your-account/cleanup
In IDE, first ran
delete-environment- all OKthen ran
eksctl delete cluster $EKS_CLUSTER_NAME --waitGot the following output and IAM permissions error:
Once I deactivated termination protection for CFN stack
eksctl-eks-workshop-nodegroup-defaultand retried the deletion, a similar error popped up for stackeksctl-eks-workshop-addon-vpc-cni.Repeated the workaround and retried the deletion. This time the same error for stack
eksctl-eks-workshop-cluster- did the same. after this the de-installation script ran smoothly.What did you expect to happen?
Deletion of cluster and related resources with CloudFormation called by eksctl
How can we reproduce it?
Follow instructions from: https://www.eksworkshop.com/docs/introduction/setup/your-account/cleanup
Anything else we need to know?
eksctl-eks-workshop-nodegroup-default(or other stack that produces the same error)actionsdropdown, selectEdit Termination ProtectionEKS version
1.33