Tear down

The following instructions will remove the resources that have a cost for running them.

Note: If you are planning on doing the lab 300_Incident_Response_with_AWS_Console_and_CLI we recommend you only tear down this stack after completing that lab as their is a dependency on AWS CloudTrail being enabled for the other lab.

Delete the stack:

  1. Sign in to the AWS Management Console, and open the CloudFormation console at https://console.aws.amazon.com/cloudformation/.
  2. Select the DetectiveControls stack.
  3. Click the Actions button then click Delete Stack.
  4. Confirm the stack and then click the Yes, Delete button.

Empty and delete the S3 buckets:

  1. Sign in to the AWS Management Console, and open the S3 console at https://console.aws.amazon.com/s3/.
  2. Select the CloudTrail bucket name you previously created without clicking the name.

s3-empty-bucket

  1. Click Empty bucket and enter the bucket name in the confirmation box.

s3-empty-confirm

  1. Click Confirm and the bucket will be emptied when the bottom task bar has 0 operations in progress.

s3-progress.png

  1. With the bucket now empty, click Delete bucket.

s3-delete-bucket

  1. Enter the bucket name in the confirmation box and click Confirm.

s3-delete-confirm

  1. Repeat steps 2 to 6 for the Config bucket you created.

References & useful resources

AWS CloudTrail User Guide AWS CloudFormation User Guide Amazon GuardDuty User Guide AWS Config User Guide