@pruan-rht
Forked from mffiedler/aws_cleanup.txt
Created February 25, 2023 23:06
In general, when things are left over from failed installs or a failed destroy cluster, you need to go through resource by resource and look for your partial label (e.g. mffiedler). Oftentimes deleting the VPC will reap child resources, but to be thorough, go through (in this order):
S3: S3 bucket - this can be difficult to find. There could be two (one starts with terraform and one image-registry) - use the install log or cluster creation time to find them
EC2: Instances
EC2: Load Balancers (also search on the VPC ID for ELBs that show up - there are sometimes "hidden" ELBs in the same VPC)
VPC: NAT Gateways (delete one by one; they take time to actually delete and can hold up subsequent deletes, so keep refreshing)
VPC: After waiting you can try to delete the VPC itself but it will likely complain about interfaces in use
VPC: If the VPC did not delete cleanly, you likely have to go to the security group it complains about, try to delete it, and then delete any resources it thinks are in use
VPC: Security group - search by label or security group ID and try to delete
EC2: Network interfaces
VPC: Delete VPC again - should succeed
IAM: users
Route 53: Hosted zones - have to delete record sets first, then hosted zones. Get to record sets by clicking hosted zones
For extreme cases like Walid's where the VPC is deleted but leaked resources may exist, also check:
VPC: Elastic IPs
VPC: Subnets
VPC: Endpoints
VPC: Security Groups
VPC: Route Tables
That's about as clean as you can get.
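Added example (not part of the original gist): a dry-run planner in Python that takes an inventory of resources and returns the matches for a partial label in the deletion order listed above, including unlabelled resources that are found only through a matching VPC ID. The inventory records, type names and IDs are constructed for illustration, and the code makes no AWS calls.

```python
# Added example: dry-run planner only; it makes no AWS calls.
# Type names are hypothetical labels; the order follows the list above.
ORDER = ["s3_bucket", "instance", "load_balancer", "nat_gateway",
         "security_group", "network_interface", "vpc", "iam_user",
         "route53_record_set", "route53_hosted_zone",
         # leaked-resource checks for the "VPC already deleted" case
         "elastic_ip", "subnet", "vpc_endpoint", "route_table"]
RANK = {t: i for i, t in enumerate(ORDER)}

SAMPLE = [  # constructed inventory, not real resources
    {"type": "route53_hosted_zone", "id": "ZEXAMPLE1",
     "name": "mffiedler-0225.example.com."},
    {"type": "vpc", "id": "vpc-0aaa", "name": "mffiedler-0225-vpc"},
    {"type": "load_balancer", "id": "a1b2c3-hidden", "name": "a1b2c3",
     "vpc_id": "vpc-0aaa"},
    {"type": "nat_gateway", "id": "nat-0bbb", "name": "mffiedler-0225-nat",
     "vpc_id": "vpc-0aaa"},
    {"type": "s3_bucket", "id": "terraform-mffiedler-0225",
     "name": "terraform-mffiedler-0225"},
    {"type": "instance", "id": "i-0ccc", "name": "other-team-worker",
     "vpc_id": "vpc-0zzz"},
    {"type": "route53_record_set", "id": "api.mffiedler-0225.example.com.",
     "name": "api.mffiedler-0225.example.com."},
    {"type": "network_interface", "id": "eni-0ddd", "name": "",
     "vpc_id": "vpc-0aaa"},
]

def cleanup_plan(inventory, label):
    """Return (type, id, note) steps for `label` in the recommended order."""
    if not label:
        raise ValueError("an empty label would match every resource")
    label = label.lower()
    # VPCs carrying the label; their children may not carry it themselves.
    vpcs = {r["id"] for r in inventory
            if r["type"] == "vpc" and label in r.get("name", "").lower()}
    plan = []
    for r in inventory:
        by_label = label in r.get("name", "").lower()
        by_vpc = r.get("vpc_id") in vpcs
        if r["type"] not in RANK or not (by_label or by_vpc):
            continue
        note = "" if by_label else "unlabelled, found via VPC ID"
        plan.append((r["type"], r["id"], note))
    return sorted(plan, key=lambda s: (RANK[s[0]], s[1]))

if __name__ == "__main__":
    for step in cleanup_plan(SAMPLE, "mffiedler"):
        print(*step)
```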