|
1 | 1 | #!/bin/bash
|
2 | 2 |
|
| 3 | +source ./scripts/infrastructure/destroy/destroy-workspace-utils.sh |
3 | 4 | source ./scripts/infrastructure/terraform/terraform-constants.sh
|
4 | 5 | source ./scripts/infrastructure/terraform/terraform-utils.sh
|
5 | 6 | source ./scripts/infrastructure/terraform/terraform-commands.sh
|
@@ -45,90 +46,35 @@ function _destroy_corrupted_workspace() {
|
45 | 46 |
|
46 | 47 | local workspace
|
47 | 48 | workspace=$TERRAFORM_WORKSPACE
|
48 |
| - # Fetch the resources using the AWS CLI command |
49 |
| - aws resourcegroupstaggingapi get-resources --tag-filters Key=Workspace,Values="$workspace" | jq -c '.ResourceTagMappingList[]' | |
50 |
| - while IFS= read -r item; do |
51 |
| - arn=$(jq -r '.ResourceARN' <<< "$item") |
| 49 | + local cert_name |
| 50 | + |
| 51 | + _destroy_lambdas "$workspace" |
| 52 | + _destroy_all_kms "$workspace" |
| 53 | + _delete_log_groups "$workspace" |
| 54 | + _delete_secrets "$workspace" |
| 55 | + _delete_s3_buckets "$workspace" |
| 56 | + _delete_dynamo_tables "$workspace" |
| 57 | + _delete_api_gateway "$workspace" |
| 58 | + _delete_ssm_parameters "$workspace" |
| 59 | + _delete_firehose_delivery_streams "$workspace" |
| 60 | + _delete_sqs_queues "$workspace" |
| 61 | + _delete_step_functions "$workspace" |
| 62 | + _delete_cloudwatch_events_rules "$workspace" |
| 63 | + _delete_acm_certificates "$workspace" |
| 64 | + _destroy_iam "$workspace" |
| 65 | + _delete_resource_groups "$workspace" |
52 | 66 |
|
53 |
| - case $arn in |
54 |
| - arn:aws:lambda* ) |
55 |
| - echo "Deleting... : $arn" |
56 |
| - aws lambda delete-function --function-name $arn |
57 |
| - ;; |
58 |
| - arn:aws:kms* ) |
59 |
| - echo "Disabling... : $arn" |
60 |
| - aws kms disable-key --key-id $arn |
61 |
| - echo "Deleting... ': $arn" |
62 |
| - aws kms schedule-key-deletion --key-id $arn --pending-window-in-days 7 |
63 |
| - ;; |
64 |
| - arn:aws:logs* ) |
65 |
| - echo "Deleting... : $arn" |
66 |
| - new_var=$(echo "$arn" | awk -F':' '{print $NF}') |
67 |
| - aws logs delete-log-group --log-group-name $new_var |
68 |
| - ;; |
69 |
| - arn:aws:secretsmanager* ) |
70 |
| - echo "Deleting... : $arn" |
71 |
| - aws secretsmanager delete-secret --secret-id $arn |
72 |
| - ;; |
73 |
| - arn:aws:apigateway* ) |
74 |
| - echo "Deleting domain-name... : $workspace" |
75 |
| - aws apigateway delete-domain-name --domain-name "$workspace.api.record-locator.dev.national.nhs.uk" |
76 |
| - echo "Deleting... : $arn" |
77 |
| - ag_id=$(echo "$arn" | awk -F'/restapis/' '{print $2}' | awk -F'/' '{print $1}') |
78 |
| - aws apigateway delete-rest-api --rest-api-id $ag_id |
79 |
| - ;; |
80 |
| - arn:aws:dynamodb* ) |
81 |
| - echo "Deleting... : $arn" |
82 |
| - new_var=$(echo "$arn" | awk -F':' '{print $NF}') |
83 |
| - table=$(echo "$arn" | awk -F'/' '{print $NF}') |
84 |
| - aws dynamodb delete-table --table-name $table |
85 |
| - ;; |
86 |
| - arn:aws:s3* ) |
87 |
| - echo "Deleting... : $arn" |
88 |
| - new_var=$(echo "$arn" | awk -F':' '{print $NF}') |
89 |
| - local versioned_objects |
90 |
| - versioned_objects=$(aws s3api list-object-versions \ |
91 |
| - --bucket "${new_var}" \ |
92 |
| - --output=json \ |
93 |
| - --query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}') || return 1 |
94 |
| - aws s3api delete-objects \ |
95 |
| - --bucket "${new_var}" \ |
96 |
| - --delete "${versioned_objects}" || echo "Ignore the previous warning - an empty bucket is a good thing" |
97 |
| - echo "Waiting for bucket contents to be deleted..." && sleep 10 |
98 |
| - aws s3 rb "s3://${new_var}" --force || echo "Bucket could not be deleted at this time. You should go to the AWS Console and delete the bucket manually." |
99 |
| - ;; |
100 |
| - arn:aws:ssm* ) |
101 |
| - echo "Deleting... : $arn" |
102 |
| - new_var=$(echo "$arn" | awk -F':' '{print $NF}') |
103 |
| - suffix=$(echo "$arn" | awk -F'/' '{print $NF}') |
104 |
| - name=$(echo "$new_var" | awk -F'/' '{print $(NF-1)}') |
105 |
| - aws ssm delete-parameter --name $name/$suffix |
106 |
| - ;; |
107 |
| - arn:aws:acm* ) |
108 |
| - echo "Deleting... : $arn" |
109 |
| - aws acm delete-certificate --certificate-arn $arn |
110 |
| - ;; |
111 |
| - arn:aws:firehose* ) |
112 |
| - echo "Deleting... : $arn" |
113 |
| - new_var=$(echo "$arn" | awk -F':' '{print $NF}') |
114 |
| - name=$(echo "$new_var" | awk -F'/' '{print $NF}') |
115 |
| - aws firehose delete-delivery-stream --delivery-stream-name $name |
116 |
| - ;; |
117 |
| - * ) |
118 |
| - echo "Unknown ARN type: $arn" |
119 |
| - ;; |
120 |
| - esac |
121 |
| - done |
122 | 67 | else
|
123 | 68 | # Print an error message if assume-role command fails
|
124 | 69 | echo "Error executing aws sts assume-role command"
|
125 | 70 | fi
|
126 | 71 |
|
127 |
| - echo "The resources have been removed from the dev environment for the ${TERRAFORM_WORKSPACE} workspace. Please now remove it from the s3 and lock table manually on MGMT." |
| 72 | + echo "The resources have been removed from the dev environment for the ${TERRAFORM_WORKSPACE} workspace. Please run 'make terraform--destroy' to remove the state file from mgmt." |
128 | 73 |
|
129 | 74 | export AWS_ACCESS_KEY_ID="$MGMT_AWS_ACCESS_KEY_ID"
|
130 | 75 | export AWS_SECRET_ACCESS_KEY="$MGMT_AWS_SECRET_ACCESS_KEY"
|
131 | 76 | export AWS_SESSION_TOKEN="$MGMT_AWS_SESSION_TOKEN"
|
| 77 | + |
132 | 78 | }
|
133 | 79 |
|
134 | 80 | _destroy_corrupted_workspace
|
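Review bot: The fifteen `_destroy_*`/`_delete_*` calls on new lines 51–65 run with their exit statuses ignored, and the message on new line 72 sits after `fi`, so it reports that the resources have been removed even when a helper failed or when the `else` branch has just printed the assume-role error (unless `set -e` is enabled in lines not shown here). Consider recording failures, e.g. `_destroy_lambdas "$workspace" || failed=1`, and printing the success text only when `failed` is unset. Every helper also receives `$TERRAFORM_WORKSPACE` unchecked; the helpers live in destroy-workspace-utils.sh, outside this diff, so how they match resources cannot be confirmed here, but a guard such as `: "${TERRAFORM_WORKSPACE:?TERRAFORM_WORKSPACE must be set}"` before line 51 would keep an empty value away from the destructive calls. `local cert_name` on new line 49 appears unused in the visible lines. The `if` that this `else` closes opens above the hunk, so its condition is not visible.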