Tear down this lab

If you are attending an in-person workshop and were provided with an AWS account by the instructor:

  • There is no need to tear down the lab. Feel free to continue exploring. Log out of your AWS account when done.

If you are using your own AWS account:

  • You may leave these resources deployed for as long as you want. When you are ready to delete them, follow the instructions below.

Remove manually provisioned resources

Some resources were created by the failure simulation scripts. You need to remove these first.

  1. Go to the Network ACL console
  2. Look at the NACL entries for the VPC called ResiliencyVPC
  3. For any of these NACLs that are not Default, do the following:
    1. Select the NACL
    2. Actions » Edit subnet associations
    3. Uncheck all boxes and click Edit
    4. Actions » Delete network ACL

Remove AWS CloudFormation provisioned resources

As part of lab setup you have deployed several AWS CloudFormation stacks. These directions will show you:

  • How to delete an AWS CloudFormation stack
  • In what specific order the stacks must be deleted

How to delete an AWS CloudFormation stack

  1. Go to the AWS CloudFormation console: https://console.aws.amazon.com/cloudformation

  2. Select the CloudFormation stack to delete and click Delete

  3. In the confirmation dialog, click Delete stack

  4. The Status changes to DELETE_IN_PROGRESS

  5. Click the refresh button to update; the status will ultimately progress to DELETE_COMPLETE

  6. When complete, the stack will no longer be displayed. To see deleted stacks use the drop down next to the Filter text box.

  7. To see progress during stack deletion

    • Click the stack name
    • Select the Events column
    • Refresh to see new events

Delete workshop CloudFormation stacks

  • Because AWS resources deployed by a CloudFormation stack may depend on stacks that were created before it, the stacks must be deleted in the opposite order from which they were created
  • Stacks with the same ordinal can be deleted at the same time. All stacks for a given ordinal must be DELETE_COMPLETE before moving on to the next ordinal

Single region

If you deployed the single region option, then delete your stacks in the following order

Order  CloudFormation stack
1      WebServersforResiliencyTesting
1      MySQLforResiliencyTesting
2      ResiliencyVPC
2      DeployResiliencyWorkshop

Multi region

If you deployed the multi region option, then see these instructions for the order in which to delete the CloudFormation stacks

Delete remaining resources

Delete Lambda execution role used to create custom resource

This role was purposely not deleted by the CloudFormation stack, because CloudFormation needs it to delete the custom resource it was used to create. Choose ONE: AWS CLI or AWS Console.

  • Do this step only after ALL CloudFormation stacks are DELETE_COMPLETE

Using AWS CLI:

aws iam delete-role-policy --role-name LambdaCustomResourceRole-SecureSsmForRds --policy-name LambdaCustomResourcePolicy

aws iam delete-role --role-name LambdaCustomResourceRole-SecureSsmForRds

Using AWS Console:

  1. Go to the IAM Roles Console: https://console.aws.amazon.com/iam/home#/roles
  2. Search for SecureSsmForRds
  3. Check the box next to LambdaCustomResourceRole-SecureSsmForRds
  4. Click Delete role button
  5. Click Yes, delete button

Delete Systems Manager parameter

The password(s) for your Amazon RDS instances were stored in AWS Systems Manager secure parameter store. These steps will verify the parameter(s) were deleted, and if not then guide you to deleting them. Choose ONE: AWS CLI or AWS Console.

  • single region: You only need to do the following steps in us-east-2
  • multi region: Do the following steps for both us-east-2 and us-west-2

Using AWS CLI:

  • In the following command use the workshop name supplied in step 1.4.4. when you ran the step function state machine. If you kept the defaults, the command will work as-is:

      aws ssm delete-parameter --name 300-ResiliencyofEC2RDSandS3
    

If you get ParameterNotFound then the password was already deleted by the CloudFormation stack (as expected).

Using AWS Console:

  1. Select the region
  2. Wait until ResiliencyVPC CloudFormation stack is DELETE_COMPLETE in the region
  3. Go to the AWS Console for AWS Systems Manager parameter store
  4. Look for the parameter created for your infrastructure. If you used our default values, this will be named 300-ResiliencyofEC2RDSandS3
  5. If it is not present (check all regions you deployed to) then you are finished
  6. If it is present then
    1. Click on the parameter name
    2. Click the Delete button
    3. Click Delete again
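
The single-region teardown above as one script, an added example that is not part of the original lab. It assumes the default stack, role and parameter names, that the NACLs created by the failure simulation scripts are already removed, and configured AWS CLI credentials; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: single-region teardown in the order the lab requires.
# Assumes the lab's default names and that the extra NACLs are already deleted.
REGION="us-east-2"
PARAM="300-ResiliencyofEC2RDSandS3"
ROLE="LambdaCustomResourceRole-SecureSsmForRds"

# Delete every stack of one ordinal, then block until all are DELETE_COMPLETE.
delete_ordinal() {
  local s
  for s in "$@"; do
    aws cloudformation delete-stack --region "$REGION" --stack-name "$s" || return 1
  done
  for s in "$@"; do
    aws cloudformation wait stack-delete-complete --region "$REGION" --stack-name "$s" || return 1
  done
}

# Remove the RDS password parameter in region $1.
# ParameterNotFound means the CloudFormation stack already removed it (expected).
delete_password_param() {
  local out
  if out=$(aws ssm delete-parameter --region "$1" --name "$PARAM" 2>&1); then
    echo "deleted"
  elif printf '%s' "$out" | grep -q 'ParameterNotFound'; then
    echo "already-gone"
  else
    echo "error: $out" >&2
    return 1
  fi
}

teardown() {
  delete_ordinal WebServersforResiliencyTesting MySQLforResiliencyTesting || return 1
  delete_ordinal ResiliencyVPC DeployResiliencyWorkshop || return 1
  # Only after ALL stacks are gone: CloudFormation needed this role until now.
  aws iam delete-role-policy --role-name "$ROLE" --policy-name LambdaCustomResourcePolicy || return 1
  aws iam delete-role --role-name "$ROLE" || return 1
  delete_password_param "$REGION"
}

# Run only when explicitly requested, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then teardown; fi
```

Any result other than "deleted" or "already-gone" from the last step means the stored RDS password may still exist in that region and should be checked by hand.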

References & useful resources