@lewismarshall
Created March 28, 2022 15:49
# AWS DANGER TOYS - delete some stuff ;)
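# Detach a customer-managed IAM policy from every role that uses it, then
# delete the policy.
# Arguments: $1 - policy ARN (required)
# Outputs:   progress messages on stdout
# Returns:   0 on success; the failing command's status as soon as a lookup,
#            a detach or the delete fails
# NOTE: only role attachments are handled. IAM rejects delete-policy while the
# policy is still attached to users or groups, or while it has non-default
# versions, so in those cases the final call fails and the policy stays.
function aws-delete-policy {
  local policy=${1:?'must specify policy arn'}
  local entities attached_roles role

  # Declared above, assigned here: `local x=$(cmd)` would hide a failed lookup
  # and let the function carry on to the delete.
  entities=$(aws iam list-entities-for-policy --policy-arn "${policy}" --entity-filter Role) || return
  attached_roles=$(jq -r '.PolicyRoles[].RoleName' <<<"${entities}") || return

  # for now just roles; fd 3 keeps the list away from the stdin of the
  # commands run inside the loop.
  while IFS= read -r -u 3 role; do
    [[ -n "${role}" ]] || continue
    echo "Detaching policy '${policy}' from role '${role}'"
    # Stop on the first failed detach: the delete below cannot succeed while
    # an attachment remains.
    aws iam detach-role-policy --policy-arn "${policy}" --role-name "${role}" || return
  done 3<<<"${attached_roles}"

  echo "Deleting policy '${policy}'"
  aws iam delete-policy --policy-arn "${policy}"
}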
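# Delete one IAM role, given either its name or its ARN.
# Arguments: $1 - role name or role ARN (required)
# Returns:   exit status of `aws iam delete-role`
# NOTE: nothing is detached here. IAM rejects delete-role while the role still
# has attached or inline policies or is in an instance profile, so those have
# to be removed first.
function aws-delete-role {
  local role_arn=${1:?'must specify role name or arn'}
  # The role name is whatever follows the last '/'; a bare name contains no
  # '/' and passes through unchanged. Quoted so the value is never re-split.
  local role_name=${role_arn##*/}
  aws iam delete-role --role-name "${role_name}"
}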
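# Delete every IAM role whose ARN matches "role/<filter>".
# Arguments: $1 - filter (required); used as a grep regular expression
# Outputs:   one "Deleting role ..." line per matched ARN on stdout
# Returns:   0 when nothing matched or every delete succeeded; otherwise the
#            status of the last failed step
# CAUTION: the match is an unanchored regex over the whole ARN, so "app" also
# selects "role/app-prod" and "role/application". Check what the filter
# selects before relying on it.
function aws-delete-roles {
  local filter="role/${1:?'must specify role filter'}"
  local listing arns roles role rc=0

  # The subcommand is the single hyphenated word `list-roles`.
  listing=$(aws iam list-roles) || return
  arns=$(jq -r '.Roles[] | .Arn' <<<"${listing}") || return
  roles=$(grep -- "${filter}" <<<"${arns}") || {
    rc=$?
    # grep exits 1 for "no match": nothing to delete, not a failure.
    (( rc == 1 )) && return 0
    return "${rc}"
  }

  # Best effort: keep going after a failed delete, but report it at the end.
  while IFS= read -r -u 3 role; do
    echo "Deleting role '${role}'"
    aws-delete-role "${role}" || rc=$?
  done 3<<<"${roles}"
  return "${rc}"
}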
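# Print the ARN of every IAM policy whose ARN matches "policy/<filter>".
# Arguments: $1 - filter (required); used as a grep regular expression
# Outputs:   matching ARNs, one per line
# Returns:   grep's status (1 when nothing matched)
# NOTE: list-policies is called without --scope, so AWS-managed policies are
# listed too, and the regex is unanchored: "read" also matches
# "policy/app-readonly".
function aws-list-policies {
  local arn_filter="policy/${1:?'must specify policy filter'}"
  # Quoted and preceded by `--` so the filter always reaches grep as one
  # pattern, never as extra file names or options.
  aws iam list-policies | jq -r '.Policies[] | .Arn' | grep -- "${arn_filter}"
}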
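# Delete every IAM policy that aws-list-policies returns for the filter.
# Arguments: $1 - policy filter (required), passed to aws-list-policies
# Returns:   0 when nothing matched or every delete succeeded; otherwise the
#            status of the last failed aws-delete-policy call
# CAUTION: whatever the filter matches is detached and deleted without a
# prompt. Run aws-list-policies with the same filter first to see the set.
function aws-delete-policies {
  local filter=${1:?'missing policy filter'}
  # All locals, so nothing leaks into the calling shell.
  local policies pol rc=0

  policies=$(aws-list-policies "${filter}")
  [[ -n "${policies}" ]] || return 0

  # Best effort: keep going after a failed delete, but report it at the end.
  while IFS= read -r -u 3 pol; do
    aws-delete-policy "${pol}" || rc=$?
  done 3<<<"${policies}"
  return "${rc}"
}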
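# Remove all stack instances from a stack set, wait until none are listed,
# then delete the stack set itself.
# Arguments: $1 - stack set name (required)
# Outputs:   progress messages on stdout
# Returns:   status of delete-stack-set, or of the first aws/jq call that fails
# NOTE: instances are removed with --retain-stacks, so the stacks and the
# resources they created stay in the target accounts and are no longer
# managed by the stack set; they need their own clean-up.
# NOTE: the wait loop has no timeout. If the delete operation stalls, the
# function keeps polling until it is interrupted.
function aws-stackset-sm-instance-delete {
  local stackset=${1:?'must specify a stackset name'}
  local deleting="false"
  local instances accounts regions
  local -a account_list region_list

  echo "-deleting stackset ${stackset}..."
  while true; do
    # One listing per poll feeds both jq queries. A failed listing aborts here
    # rather than looking like "no instances left" and reaching
    # delete-stack-set.
    instances=$(aws cloudformation list-stack-instances --stack-set-name "${stackset}") || return
    accounts=$(jq -r '[.Summaries[].Account] |unique| join(" ")' <<<"${instances}") || return
    regions=$(jq -r '[.Summaries[].Region] |unique| join(" ")' <<<"${instances}") || return
    echo "${accounts}..."
    if [[ -z "${accounts}" ]]; then
      break
    fi
    if [[ "${deleting}" == "false" ]]; then
      # delete the stackset instances
      echo "--Initiating stackset stack instance delete for accounts:${accounts}"
      # jq joined the values with spaces; split them into arrays so each one
      # is passed as its own argument without unquoted expansion.
      read -r -a account_list <<<"${accounts}"
      read -r -a region_list <<<"${regions}"
      aws cloudformation delete-stack-instances --stack-set-name "${stackset}" \
        --accounts "${account_list[@]}" --retain-stacks --regions "${region_list[@]}" || return
      deleting="true"
    fi
    # Pause on every poll, not only after the delete request, so the wait
    # does not spin against the API.
    sleep 5
  done
  # delete the stackset
  aws cloudformation delete-stack-set --stack-set-name "${stackset}"
}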
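# Print the names of ACTIVE, SELF_MANAGED stack sets that match the filter.
# Arguments: $1 - filter (required); used as a grep regular expression
# Outputs:   matching stack set names, one per line
# Returns:   grep's status (1 when nothing matched)
# NOTE: the regex is unanchored, so "net" also matches "prod-network".
function aws-stackset-sm-list {
  # get all the stacksets
  local filter=${1:?'must specify filter'}
  # Quoted and preceded by `--` so the filter always reaches grep as one
  # pattern, never as extra file names or options.
  aws cloudformation list-stack-sets \
    | jq -r '.Summaries[] | select(.Status == "ACTIVE") | select(.PermissionModel == "SELF_MANAGED") .StackSetName' \
    | grep -- "${filter}"
}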
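# Delete every self-managed stack set that aws-stackset-sm-list returns for
# the filter, one after another.
# Arguments: $1 - filter (required), passed to aws-stackset-sm-list
# Outputs:   "deleting <name>" per stack set, plus the per-set progress output
# Returns:   0 when nothing matched or every delete succeeded; otherwise the
#            status of the last failed aws-stackset-sm-instance-delete call
# CAUTION: every match is deleted without a prompt. Run aws-stackset-sm-list
# with the same filter first to see what is selected.
function aws-stackset-sm-delete {
  local filter=${1:?'must specify filter'}
  # All locals, so the loop variable does not leak into the calling shell.
  local stacksets s rc=0

  stacksets=$(aws-stackset-sm-list "${filter}")
  [[ -n "${stacksets}" ]] || return 0

  # fd 3 carries the list so the commands in the loop keep their own stdin.
  while IFS= read -r -u 3 s; do
    echo "deleting ${s}"
    aws-stackset-sm-instance-delete "${s}" || rc=$?
  done 3<<<"${stacksets}"
  return "${rc}"
}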