From fbb5024fb9ff737d00b1ddf4d189e7190e5e0710 Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 16 Jul 2025 11:59:34 -0400
Subject: [PATCH] add vpc info
---
aws/documentation/account-decommission/vpc.tf | 59 +++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 aws/documentation/account-decommission/vpc.tf
diff --git a/aws/documentation/account-decommission/vpc.tf b/aws/documentation/account-decommission/vpc.tf
new file mode 100644
index 00000000..beb96756
--- /dev/null
+++ b/aws/documentation/account-decommission/vpc.tf
@@ -0,0 +1,59 @@
+# remove vpc-endpoints, if present
+
+```script
+cd vpc/REGION/vpcN/vpc-endpoints
+tf-init
+tf-destroy
+manage-remote-state.sh delete
+tf-run clean
+rm -rf .terraform*
+```
+
+# remove tgw setup
+
+```script
+cd vpc/REGION/vpcN/tgw
+tf-init
+tf-destroy
+manage-remote-state.sh delete
+tf-run clean
+rm -rf .terraform*
+```
+
+# remove vpc
+
+First, copy tf-run.delete.data. It is in the support repo:
+
+* terraform/support/local-app/tf-run/applications/vpc/tf-run.destroy.data
+
+```script
+cd vpc/REGION/vpcN
+cp REPOPATH/terraform/support/local-app/tf-run/applications/vpc/tf-run.destroy.data ./
+```
+
+change `versions.tf` aws provider to lock to no more than 5.x.
+
+```hcl
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+```
+
+Then, follow the destroy plan:
+
+```script
+tf-run destroy
+```
+
+This will fail at the end with some for_each stuff on nacls. To resolve:
+
+```script
+mv nacls.tf nacls.tf.off
+tf-destroy
+mv nacls.tf.off nacls.tf
+manage-remote-state.sh delete
+tf-run clean
+rm -rf .terraform*
+```
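Review bot: The new file is named `vpc.tf` but its content is Markdown, so Terraform would try to parse it as HCL if anyone runs it in `aws/documentation/account-decommission/`; naming it `vpc.md` avoids that. Under "remove vpc" the prose says to copy `tf-run.delete.data`, while the bullet and the `cp` command use `tf-run.destroy.data`; the sentence should read `First, copy tf-run.destroy.data. It is in the support repo:`. All three procedures run `manage-remote-state.sh delete` and `rm -rf .terraform*` directly after `tf-destroy`, and the runbook itself notes that the VPC destroy fails partway. Assuming that script removes the remote state, a partial destroy followed by the delete would leave resources in the account with nothing tracking them. I would add a line before each delete such as `Confirm tf-destroy finished with no resources remaining before running manage-remote-state.sh delete.`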