Skip to content

Instantly share code, notes, and snippets.

@ojacques

ojacques/aws-delete-cfn-stacks.md

Created July 22, 2021 11:30
Show Gist options
  • Save ojacques/66fe46f71ed54163fc7b68f91d5ca9f2 to your computer and use it in GitHub Desktop.
Save ojacques/66fe46f71ed54163fc7b68f91d5ca9f2 to your computer and use it in GitHub Desktop.
Download ZIP
Delete AWS cloudformation stacks which failed deletion
Raw
aws-delete-cfn-stacks.md

Set of commands which are useful to clean after yourself when I tried to delete AWS Cloud Formation stacks when my infrasec role did not had all the needed permissions.

  • List stacks which can be deleted (DELETE_FAILED status): 
    aws cloudformation list-stacks | jq '.StackSummaries[] | select(.StackStatus=="DELETE_FAILED") | .StackName'

OR

  • List stacks which contain a specific string in their name:

    aws cloudformation list-stacks | jq '.StackSummaries[] | select(.StackName | contains("bcol")) | .StackName'

  • List all S3 buckets from those stacks:

    aws cloudformation list-stacks | jq '.StackSummaries[] | select(.StackStatus=="DELETE_FAILED") | .StackName' | get_s3_buckets_from_cf.sh

  • Delete all S3 buckets from stacks which have DELETE_FAILED status. 🔴 THIS IS A DESTRUCTIVE ACTION 🔴

    aws cloudformation list-stacks | jq '.StackSummaries[] | select(.StackStatus=="DELETE_FAILED") | .StackName' | ./get_s3_buckets_from_cf.sh | ./delete_s3_bucket.sh

  • Now, delete all Cloud formation stacks which have DELETE_FAILED status. 🔴 THIS IS A DESTRUCTIVE ACTION 🔴

    aws cloudformation list-stacks | jq '.StackSummaries[] | select(.StackStatus=="DELETE_FAILED") | .StackName' | ./delete_cf_stack.sh
Raw
delete_cf_stack.sh
#!/bin/bash
while IFS= read -r line; do
STACK=$(echo $line | tr -d '"')
aws cloudformation delete-stack --stack-name $STACK
done
Raw
delete_s3_bucket.sh
#!/bin/bash
while IFS= read -r line; do
BUCKET=$(echo $line | tr -d '"')
aws s3 rm s3://$BUCKET --recursive
done
Raw
get_s3_buckets_from_cf.sh
#!/bin/bash
while IFS= read -r line; do
STACK=$(echo $line | tr -d '"')
aws cloudformation describe-stack-resources --stack-name $STACK | jq '.StackResources[] | select (.ResourceType=="AWS::S3::Bucket") | .PhysicalResourceId'
done
Raw
gistfile1.txt
The following commands does clean up an environment provisioned with the suffix "`ojacques`".
Specifically:
* Delete the 2 cloud formation stacks created by `serverless` for probot and artifactory unlock
* Delete the AWS lambda log group
* Delete the LEX bot
```
aws cloudformation list-stacks | jq '.StackSummaries[] | select(.StackName | contains("service-ojacques-dev")) | .StackName' | ./get_s3_buckets_from_cf.sh | ./delete_s3_bucket.sh
aws cloudformation list-stacks | jq '.StackSummaries[] | select(.StackName | contains("service-ojacques-dev")) | .StackName' | ./delete_cf_stack.sh
aws cloudformation list-stacks | jq '.StackSummaries[] | select(.StackName | contains("service-probot-ojacques-dev")) | .StackName' | ./get_s3_buckets_from_cf.sh | ./delete_s3_bucket.sh
aws cloudformation list-stacks | jq '.StackSummaries[] | select(.StackName | contains("service-probot-ojacques-dev")) | .StackName' | ./delete_cf_stack.sh
aws logs delete-log-group --log-group-name "/aws/lambda/service-ojacques-dev"
aws lex-models delete-bot-alias --name default --bot-name service_ojacques
aws lex-models delete-bot --name service_ojacques
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment