Created
March 28, 2022 15:49
# AWS DANGER TOYS - delete some stuff ;)
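# Detach a managed policy from every role it is attached to, then delete it.
#
# Arguments: $1 - ARN of the managed policy
# Outputs:   progress messages on stdout
# Returns:   non-zero as soon as the listing, a detach or the delete fails
#
# Only role attachments are handled. IAM rejects the delete while the policy
# is still attached to a user or group, or while it has non-default versions,
# so in those cases the last call fails after the roles have been detached.
function aws-delete-policy {
  local policy=${1:?'must specify policy arn'}
  local entities attached_roles role

  # Declare and assign separately: `local x=$(cmd)` always returns 0, which
  # hid a failed or access-denied listing and let the delete run regardless.
  entities=$(aws iam list-entities-for-policy --policy-arn "${policy}" --entity-filter Role) || return
  attached_roles=$(jq -r '.PolicyRoles[].RoleName' <<<"${entities}") || return

  # for now just roles
  # The list is read on fd 3 so the commands in the loop keep their own stdin.
  while IFS= read -r role <&3; do
    [[ -n "${role}" ]] || continue
    echo "Detaching policy '${policy}' from role '${role}'"
    # Stop on the first failed detach instead of attempting the delete anyway.
    aws iam detach-role-policy --policy-arn "${policy}" --role-name "${role}" || return
  done 3<<<"${attached_roles}"

  echo "Deleting policy '${policy}'"
  aws iam delete-policy --policy-arn "${policy}"
}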
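# Delete a single IAM role given its name or its ARN.
#
# Arguments: $1 - role name, or role ARN (only the part after the last '/'
#                 is passed on as the role name)
# Returns:   exit status of `aws iam delete-role`
function aws-delete-role {
  local role_arn=${1:?'must specify role name or arn'}
  local role_name

  # Quoted throughout: unquoted, an argument containing whitespace was split
  # into several words and the extra words reached the CLI as its own options.
  role_name=$(basename -- "${role_arn}") || return

  # must detach all attached entities first
  # (nothing is detached here; the caller has to have done that already)
  aws iam delete-role --role-name "${role_name}"
}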
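# Delete every IAM role whose ARN matches "role/<filter>".
#
# Arguments: $1 - grep regular expression, matched right after "role/" in
#                 each role ARN; every matching role is deleted
# Returns:   non-zero if the listing fails, otherwise the status of the last
#            aws-delete-role call (0 when nothing matched)
function aws-delete-roles {
  local filter="role/${1:?'must specify role filter'}"
  local listing arns roles role

  # The IAM operation is `list-roles`; `aws iam list roles` is not a command,
  # so the original never produced a role list.
  listing=$(aws iam list-roles) || return
  arns=$(jq -r '.Roles[] | .Arn' <<<"${listing}") || return
  # grep exits 1 when nothing matches; that just means there is nothing to do.
  roles=$(grep -e "${filter}" <<<"${arns}") || true

  # Read on fd 3 so the delete commands keep their own stdin; `role` is local
  # so it no longer leaks into the shell that sourced these functions.
  while IFS= read -r role <&3; do
    [[ -n "${role}" ]] || continue
    aws-delete-role "${role}"
  done 3<<<"${roles}"
}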
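# Print the ARN of every IAM policy whose ARN matches "policy/<filter>".
#
# Arguments: $1 - grep regular expression, matched right after "policy/"
# Outputs:   matching policy ARNs, one per line
# Returns:   grep's status (non-zero when nothing matches)
#
# No --scope is passed to list-policies, so AWS-managed policy ARNs are part
# of what the filter is matched against, not only the account's own policies.
function aws-list-policies {
  local arn_filter="policy/${1:?'must specify policy filter'}"

  # The pattern is quoted and passed with -e so it always reaches grep as one
  # pattern; unquoted, a filter with whitespace became a pattern plus file names.
  aws iam list-policies \
    | jq -r '.Policies[] | .Arn' \
    | grep -e "${arn_filter}"
}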
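# Delete every customer-managed IAM policy selected by aws-list-policies.
#
# Arguments: $1 - filter handed to aws-list-policies
# Outputs:   a "Skipping" line on stderr for each AWS-managed policy matched
# Returns:   status of the last loop step (0 when nothing matched)
function aws-delete-policies {
  local filter=${1:?'missing policy filter'}
  # `policies` used to be assigned without `local` and leaked into the shell
  # that sourced these functions; the loop variable did too.
  local policies pol

  # The helper's status is grep's, non-zero when nothing matches; an empty
  # list simply leaves the loop with nothing to do.
  policies=$(aws-list-policies "${filter}") || true

  while IFS= read -r pol <&3; do
    [[ -n "${pol}" ]] || continue
    # AWS-managed policies (account field "aws") cannot be deleted, but they
    # can be detached. Passing one on would strip it from every role and then
    # fail on the delete, so a broad filter must not reach them.
    if [[ "${pol}" == arn:*:iam::aws:policy/* ]]; then
      echo "Skipping AWS-managed policy '${pol}'" >&2
      continue
    fi
    aws-delete-policy "${pol}"
  done 3<<<"${policies}"
}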
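# Remove all stack instances from a stack set, wait until none are listed,
# then delete the stack set itself.
#
# Arguments: $1 - stack set name
# Outputs:   progress messages on stdout
# Returns:   non-zero if listing or the instance delete fails, otherwise the
#            status of `aws cloudformation delete-stack-set`
#
# --retain-stacks is passed, so the stacks and their resources stay in the
# target accounts; only their membership in the stack set is removed.
# The wait has no upper bound: it polls until no instance is listed.
function aws-stackset-sm-instance-delete {
  local stackset=${1:?'must specify a stackset name'}
  local deleting="false"
  local instances accounts regions
  local -a account_list region_list

  echo "-deleting stackset ${stackset}..."
  while true; do
    # One listing per pass feeds both jq queries, so accounts and regions come
    # from the same snapshot. A failed listing aborts instead of looking like
    # "no instances left" and falling through to the stack set delete.
    instances=$(aws cloudformation list-stack-instances --stack-set-name "${stackset}") || return
    accounts=$(jq -r '[.Summaries[].Account] |unique| join(" ")' <<<"${instances}") || return
    regions=$(jq -r '[.Summaries[].Region] |unique| join(" ")' <<<"${instances}") || return
    echo "${accounts}..."
    if [[ -z "${accounts}" ]]; then
      break
    fi
    if [[ "${deleting}" == "false" ]]; then
      # delete the stackset instances
      # jq joined the values with spaces; split them into arrays so each one
      # is passed as its own argument without relying on unquoted expansion.
      read -r -a account_list <<<"${accounts}"
      read -r -a region_list <<<"${regions}"
      echo "--Initiating stackset stack instance delete for accounts:${accounts}"
      aws cloudformation delete-stack-instances --stack-set-name "${stackset}" \
        --accounts "${account_list[@]}" --retain-stacks \
        --regions "${region_list[@]}" || return
      deleting="true"
    fi
    # Pause on every pass. The original slept only once, right after starting
    # the delete, and then polled the API in a tight loop.
    sleep 5
  done
  # delete the stackset
  aws cloudformation delete-stack-set --stack-set-name "${stackset}"
}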
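# Print the names of ACTIVE, SELF_MANAGED stack sets that match a filter.
#
# Arguments: $1 - grep regular expression matched against each stack set name
# Outputs:   matching stack set names, one per line
# Returns:   grep's status (non-zero when nothing matches)
function aws-stackset-sm-list {
  # get all the stacksets
  local filter=${1:?'must specify filter'}

  # The pattern is quoted and given with -e: unquoted it was word-split, and a
  # filter starting with '-' was parsed by grep as an option.
  aws cloudformation list-stack-sets \
    | jq -r '.Summaries[] | select(.Status == "ACTIVE") | select(.PermissionModel == "SELF_MANAGED") .StackSetName' \
    | grep -e "${filter}"
}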
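# Delete every self-managed stack set whose name matches a filter, including
# its stack instances.
#
# Arguments: $1 - filter handed to aws-stackset-sm-list
# Outputs:   one "deleting <name>" line per stack set, plus the helper's output
# Returns:   status of the last aws-stackset-sm-instance-delete call
#            (0 when nothing matched)
function aws-stackset-sm-delete {
  local filter=${1:?'must specify filter'}
  # The loop variable is local now; it used to leak into the sourcing shell.
  local stacksets s

  # The helper's status is grep's, non-zero when nothing matches; an empty
  # list simply leaves the loop with nothing to do.
  stacksets=$(aws-stackset-sm-list "${filter}") || true

  # Read on fd 3 so the commands in the loop keep their own stdin.
  while IFS= read -r s <&3; do
    [[ -n "${s}" ]] || continue
    echo "deleting ${s}"
    aws-stackset-sm-instance-delete "${s}"
  done 3<<<"${stacksets}"
}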