diff --git a/vpc-remove-defaults/templates/delete-defaults.sh.tpl b/vpc-remove-defaults/templates/delete-defaults.sh.tpl
index dcf120f..f5d8e3a 100644
--- a/vpc-remove-defaults/templates/delete-defaults.sh.tpl
+++ b/vpc-remove-defaults/templates/delete-defaults.sh.tpl
@@ -29,14 +29,27 @@ fi
 
 if [ ! -z "${security_group}" ]
 then
-  echo "# aws --profile ${profile} --region ${region}  ec2 delete-security-group --group-id ${security_group} $DRYRUN"
-  aws --profile ${profile} --region ${region}  ec2 delete-security-group --group-id ${security_group} $DRYRUN
+  echo "# AWS does not permit the delete of the default security group ${security_group}"
+#  echo "# aws --profile ${profile} --region ${region}  ec2 delete-security-group --group-id ${security_group} $DRYRUN"
+#  aws --profile ${profile} --region ${region}  ec2 delete-security-group --group-id ${security_group} $DRYRUN
 else
   echo "# skipping delete security-group, missing"
 fi
 
+%{ for sn in subnet ~}
+if [ ! -z "${sn}" ]
+then
+  echo "# aws --profile ${profile} --region ${region}  ec2 delete-subnet --subnet-id ${sn} $DRYRUN"
+  aws --profile ${profile} --region ${region}  ec2 delete-subnet --subnet-id ${sn} $DRYRUN
+else
+  echo "# skipping delete subnet, missing"
+fi
+%{ endfor ~}
+
 if [ ! -z "${igw}" ]
 then
+  echo "# aws --profile ${profile} --region ${region}  ec2 detach-internet-gateway --internet-gateway-id ${igw} --vpc-id ${vpc} $DRYRUN"
+  aws --profile ${profile} --region ${region}  ec2 detach-internet-gateway --internet-gateway-id ${igw} --vpc-id ${vpc} $DRYRUN
   echo "# aws --profile ${profile} --region ${region}  ec2 delete-internet-gateway --internet-gateway-id ${igw} $DRYRUN"
   aws --profile ${profile} --region ${region}  ec2 delete-internet-gateway --internet-gateway-id ${igw} $DRYRUN
 else
@@ -51,16 +64,6 @@ else
   echo "# skipping delete network_acl, missing"
 fi
 
-%{ for sn in subnet ~}
-if [ ! -z "${sn}" ]
-then
-  echo "# aws --profile ${profile} --region ${region}  ec2 delete-subnet --subnet-id ${sn} $DRYRUN"
-  aws --profile ${profile} --region ${region}  ec2 delete-subnet --subnet-id ${sn} $DRYRUN
-else
-  echo "# skipping delete subnet, missing"
-fi
-%{ endfor ~}
-
 if [ ! -z "${route_table}" ]
 then
   echo "# aws --profile ${profile} --region ${region}  ec2 delete-route-table --route-table-id ${route_table} $DRYRUN"
@@ -69,14 +72,6 @@ else
   echo "# skipping delete route_table, missing"
 fi
 
-if [ ! -z "${vpc_dhcp_options}" ]
-then
-  echo "# aws --profile ${profile} --region ${region}  ec2 delete-dhcp-options --dhcp-options-id ${vpc_dhcp_options} $DRYRUN"
-  aws --profile ${profile} --region ${region}  ec2 delete-dhcp-options --dhcp-options-id ${vpc_dhcp_options} $DRYRUN
-else
-  echo "# skipping delete dhcp_options, missing"
-fi
-
 if [ ! -z "${vpc}" ]
 then
   echo "# aws --profile ${profile} --region ${region}  ec2 delete-vpc --vpc-id ${vpc} $DRYRUN"
@@ -85,4 +80,12 @@ else
   echo "# skipping delete vpc, missing"
 fi
 
+if [ ! -z "${vpc_dhcp_options}" ]
+then
+  echo "# aws --profile ${profile} --region ${region}  ec2 delete-dhcp-options --dhcp-options-id ${vpc_dhcp_options} $DRYRUN"
+  aws --profile ${profile} --region ${region}  ec2 delete-dhcp-options --dhcp-options-id ${vpc_dhcp_options} $DRYRUN
+else
+  echo "# skipping delete dhcp_options, missing"
+fi
+
 exit 0