Why you can't delete it directly
That ENI is a requester-managed (service-managed) network interface. You can confirm this with:
aws ec2 describe-network-interfaces \
  --network-interface-ids eni-049deda6b09115953 \
  --region us-east-1 \
  --query 'NetworkInterfaces[].{RequesterManaged:RequesterManaged,Requester:RequesterId,Type:InterfaceType,Status:Status,Attachment:Attachment}'
RequesterManaged: true with InterfaceType: aws_codestar_connections_managed means AWS CodeConnections (formerly CodeStar Connections) created this ENI on your behalf, and RequesterId 928109601898 is the AWS service-owned account that manages it. By design you can't detach or delete it yourself — attempting to detach returns AuthFailure: You do not have permission to access the specified resource, and delete returns the "in use by another service" message you're seeing. The owning service is supposed to remove the ENI automatically when its owning resource is deleted (reference (https://repost.aws/knowledge-center/vpc-delete-elastic-network-interface)).
What the owning resource actually is
aws_codestar_connections_managed ENIs are created by a CodeConnections Host that has a VPC configuration — Hosts are used for installed/self-managed providers (GitHub Enterprise Server, GitLab self-managed, Bitbucket Data Center). When the Host is set up to reach a provider inside a VPC, CodeConnections provisions these managed ENIs. An empty list-hosts only reflects current Hosts; a Host that was partially created or deleted can leave the ENI orphaned.
Try to find the owning Host via CloudTrail before opening a case
I understand you've already checked whether the Host still exists, but I would recommend checking CloudTrail. It (Event history is searchable for the last 90 days) usually still has the events that reveal the Host ARN even if the Host is gone:
- In CloudTrail Event history, search Resource name = eni-049deda6b09115953 and look at CreateNetworkInterface — the requestParameters / principal often point to the CodeConnections Host.
- Also search event names CreateHost / DeleteHost (eventSource codestar-connections.amazonaws.com or codeconnections.amazonaws.com) to recover the Host ARN.
- If you recover a Host ARN, check whether it still exists and delete it — the ENI is then removed automatically:
aws codeconnections get-host --host-arn <arn> --region us-east-1
aws codeconnections delete-host --host-arn <arn> --region us-east-1
If no owning resource exists (truly orphaned)
If CloudTrail shows the Host was already deleted (or nothing is found) and get-host returns not-found, you cannot force-delete a requester-managed ENI yourself. Open an AWS Support case (usually, a paid Support Plan is required for technical support) and ask them to remove the stale attachment. Include:
- Account ID (OwnerId): 072101540200
- Region: us-east-1
- ENI: eni-049deda6b09115953
- Attachment: ela-attach-0550a68dea0813e98
- VPC: vpc-0472249dae82e8f8e
- Note that list-connections, list-hosts, and describe-vpc-endpoints are all empty, so the ENI is orphaned.
The CodeConnections service team can identify the owning resource and clean up the stale ENI/attachment, after which the VPC delete will succeed.
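An added example, not part of the original answer and not AWS code: a Python script that takes the saved JSON output of `aws cloudtrail lookup-events` for the CreateHost / DeleteHost searches described above, recovers every Host ARN, and reports whether its last recorded event leaves a Host to check with get-host or points to an orphaned ENI. The function names, the sample events, the `hostArn` key inside them and the account ID 111122223333 are constructed for illustration.

```python
import json
import re

# Host ARNs under either service prefix (old and new names for the service).
HOST_ARN = re.compile(
    r"arn:aws[\w-]*:(?:codestar-connections|codeconnections):[\w-]+:\d{12}:host/[\w.-]+")
SOURCES = {"codestar-connections.amazonaws.com", "codeconnections.amazonaws.com"}

def host_history(lookup_output):
    """Map each Host ARN to its time-ordered CreateHost/DeleteHost events."""
    history = {}
    for ev in lookup_output.get("Events", []):
        # lookup-events returns the full record as a JSON string.
        detail = json.loads(ev.get("CloudTrailEvent") or "{}")
        if detail.get("eventSource") not in SOURCES:
            continue
        if detail.get("eventName") not in ("CreateHost", "DeleteHost"):
            continue
        # Scan the whole record instead of relying on one field name.
        for arn in set(HOST_ARN.findall(json.dumps(detail))):
            history.setdefault(arn, []).append(
                (detail.get("eventTime", ""), detail["eventName"]))
    for events in history.values():
        events.sort()  # ISO 8601 UTC timestamps sort chronologically as strings
    return history

def next_step(history):
    """Last event CreateHost: Host may still exist. DeleteHost: ENI is orphaned."""
    return {arn: "run get-host" if ev[-1][1] == "CreateHost" else "open support case"
            for arn, ev in history.items()}

def _event(name, time, arn, source="codeconnections.amazonaws.com"):
    # Constructed record; the "hostArn" key is an assumption, not taken from the page.
    key = "responseElements" if name == "CreateHost" else "requestParameters"
    detail = {"eventSource": source, "eventName": name, "eventTime": time,
              key: {"hostArn": arn}}
    return {"EventName": name, "CloudTrailEvent": json.dumps(detail)}

# Constructed sample; 111122223333 is a placeholder account ID.
A = "arn:aws:codeconnections:us-east-1:111122223333:host/ghes-a-1a2b3c4d"
B = "arn:aws:codestar-connections:us-east-1:111122223333:host/gitlab-b-5e6f7a8b"
SAMPLE = {"Events": [
    _event("DeleteHost", "2024-05-02T09:30:00Z", A),
    _event("CreateHost", "2024-05-01T12:00:00Z", A),
    _event("CreateHost", "2024-05-03T08:00:00Z", B, "codestar-connections.amazonaws.com"),
    _event("CreateNetworkInterface", "2024-05-01T12:01:00Z", A, "ec2.amazonaws.com"),
]}

if __name__ == "__main__":
    for arn, step in next_step(host_history(SAMPLE)).items():
        print(step, arn)
```

`lookup-events` accepts one lookup attribute per call, so run it once per event name and merge the `Events` lists before passing them in.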
