Tear down

The following instructions will remove the resources that have a cost for running them.

Note: If you are planning on doing the lab 300_Incident_Response_with_AWS_Console_and_CLI we recommend you only tear down this stack after completing that lab as their is a dependency on AWS CloudTrail being enabled for the other lab.

Delete the stack:

  1. Sign in to the AWS Management Console, and open the CloudFormation console at https://console.aws.amazon.com/cloudformation/.
  2. Select the DetectiveControls stack.
  3. Click the Actions button then click Delete Stack.
  4. Confirm the stack and then click the Yes, Delete button.

Empty and delete the S3 buckets:

  1. Sign in to the AWS Management Console, and open the S3 console at https://console.aws.amazon.com/s3/.
  2. Select the CloudTrail bucket name you previously created without clicking the name.


  1. Click Empty bucket and enter the bucket name in the confirmation box.


  1. Click Confirm and the bucket will be emptied when the bottom task bar has 0 operations in progress.


  1. With the bucket now empty, click Delete bucket.


  1. Enter the bucket name in the confirmation box and click Confirm.


  1. Repeat steps 2 to 6 for the Config bucket you created.

References & useful resources

AWS CloudTrail User Guide AWS CloudFormation User Guide Amazon GuardDuty User Guide AWS Config User Guide