in src/modules/grafana/cleanup_grafana_dashboard_role.py [0:0]
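def main():
    """Delete the IAM dashboard role recorded for a workspace, with its policies.

    The role name is read from the workspace metadata key
    ``samples_content_dashboard_role_name``. If no name is recorded, the
    function prints a message and returns without touching IAM. Otherwise it
    detaches every managed policy from the role, deletes the managed policies
    that live in the same account as the role, deletes the role's inline
    policies, and finally deletes the role.

    Every IAM call goes through the session built from ``--profile``, so the
    lookup and the destructive calls use the same credentials and account.
    """
    args = parse_args()
    region = args.region
    profile = args.profile
    workspaceId = args.workspace_id

    session = boto3.session.Session(profile_name=profile)
    iam = session.client(service_name='iam', region_name=region)

    # fetch IAM role created for grafana from workspace tags
    ws = deploy_utils.WorkspaceUtils(
        workspace_id=workspaceId,
        region_name=region,
        endpoint_url=args.endpoint_url,
        profile=profile)
    # NOTE(review): the role to delete is named by workspace metadata, so
    # whoever can write that metadata decides which role is removed. Confirm
    # that write access to it is restricted to the same principals that are
    # allowed to delete IAM roles.
    dashboard_role_name_for_workspace = ws.fetch_sample_metadata("samples_content_dashboard_role_name")
    if dashboard_role_name_for_workspace is None:
        print(f"No dashboard role to delete was found for workspace {workspaceId}.")
        return

    # get role arn
    print(f"roleName: {dashboard_role_name_for_workspace}")
    dashboard_role_arn_for_workspace = iam.get_role(
        RoleName=dashboard_role_name_for_workspace)['Role']['Arn']
    print(f"roleArn: {dashboard_role_arn_for_workspace}")
    # The fifth ARN field is the account id; AWS-managed policies carry "aws" there.
    account_id = dashboard_role_arn_for_workspace.split(":")[4]

    # Build the resource from the profile-bound session. The module-level
    # boto3.resource() would use the default credential chain, which may point
    # at a different account than the one the role was just looked up in.
    iam_resource = session.resource('iam', region_name=region)
    role = iam_resource.Role(dashboard_role_name_for_workspace)

    for policy in role.attached_policies.all():
        policy_account_id = policy.arn.split(":")[4]
        role.detach_policy(PolicyArn=policy.arn)
        if account_id == policy_account_id:
            # Customer-managed policy in the role's own account: delete it too.
            # IAM rejects the delete while the policy is still attached to
            # another principal or has non-default versions. That error
            # propagates and stops the cleanup before the role is removed.
            policy.delete()
            print(f" detach+deleting managed policy: {policy.arn}")
        else:
            # Policy owned elsewhere (e.g. AWS-managed): detach only.
            print(f" detach AWS-managed policy: {policy.arn}")

    # Inline policies must be removed before IAM allows the role to be deleted.
    for policy in role.policies.all():
        policy.delete()
        print(f" delete inline role policy: {policy.name}")

    role.delete()
    print(f"Deleted role: {dashboard_role_name_for_workspace}")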