in usecase-5/usecase-5-step-9-cleanup.py [0:0]
def main():
"""
###########################################
# Cleanup all resources that were created #
###########################################
"""
try:
s3_client = boto3.client('s3')
acm_pca_client = boto3.client('acm-pca')
ssm_client = boto3.client('ssm')
elbv2_client = boto3.client('elbv2')
acm_client = boto3.client('acm')
####################################################################################
# Remove all the files created in the local filesystem as part of this usecase #
####################################################################################
current_directory_path = os.path.dirname(os.path.realpath(__file__)) + '/'
print("\nThis step takes about 45 seconds to complete \n")
self_signed_cert_filename_path = current_directory_path + 'self-signed-cert.pem'
signed_subordinate_ca_cert_filename_path = current_directory_path + 'signed_subordinate_ca_cert.pem'
cert_chain_filename_path = current_directory_path + 'cert_chain.pem'
if Path(self_signed_cert_filename_path).exists():
os.remove(self_signed_cert_filename_path)
if Path(signed_subordinate_ca_cert_filename_path).exists():
os.remove(signed_subordinate_ca_cert_filename_path)
if Path(cert_chain_filename_path).exists():
os.remove(cert_chain_filename_path)
try:
subordinate_pca_arn = ssm_client.get_parameter(Name='/dp-workshop/subordinate_pca_arn')['Parameter']['Value']
if subordinate_pca_arn is not None:
response = acm_pca_client.describe_certificate_authority(
CertificateAuthorityArn=subordinate_pca_arn
)
if response['CertificateAuthority']['Status'] != 'DELETED':
if response['CertificateAuthority']['Status'] == 'ACTIVE':
response = acm_pca_client.update_certificate_authority(
CertificateAuthorityArn=subordinate_pca_arn,
Status='DISABLED'
)
response = acm_pca_client.delete_certificate_authority(
CertificateAuthorityArn=subordinate_pca_arn,
PermanentDeletionTimeInDays=7
)
time.sleep(20)
except:
print("No PCA to delete and clean up !!")
###################################################
# remove all the s3 buckets that were created #
###################################################
try:
crl_bucket_name = ssm_client.get_parameter(Name='/dp-workshop/crl_bucket_name')['Parameter']['Value']
try:
response = s3_client.list_objects(Bucket=crl_bucket_name)
if 'Contents' in response:
for object_name in response['Contents']:
response = s3_client.delete_object(
Bucket=crl_bucket_name,
Key=object_name['Key']
)
response = s3_client.delete_bucket(Bucket=crl_bucket_name)
except ClientError:
print('no bucket to clean up: '+crl_bucket_name)
except ClientError:
print('no parameter value: /dp-workshop/crl_bucket_name')
#####################################################################################################################################
# Remove HTTPS listener for the ALB, remove the TargetGroup, cleanup default security group from the ALB and cloud9 environment #
#####################################################################################################################################
# Deleting the listener created for the ALB
try:
listener_arn = ssm_client.get_parameter(Name='/dp-workshop/listener_arn')['Parameter']['Value']
response = elbv2_client.describe_listeners(
ListenerArns=[
listener_arn,
],
)
if response is not None:
response = elbv2_client.delete_listener(
ListenerArn=listener_arn
)
except:
print("No HTTPS listener found to delete and clean up !!")
# Deleting the target groups created for the ALB
try:
target_group_arn = ssm_client.get_parameter(Name='/dp-workshop/target_group_arn')['Parameter']['Value']
response = elbv2_client.describe_target_groups(
TargetGroupArns=[
target_group_arn,
],
)
if response is not None:
response = elbv2_client.delete_target_group(
TargetGroupArn=target_group_arn
)
except:
print("No Target group found for the ALB to delete and clean up !!")
time.sleep(20)
# Deleting the certificates created for the HTTPS listener of the ALB
try:
private_cert_arn = ssm_client.get_parameter(Name='/dp-workshop/private_cert_arn')['Parameter']['Value']
response = acm_client.describe_certificate(
CertificateArn=private_cert_arn
)
if response is not None:
response = acm_client.delete_certificate(
CertificateArn=private_cert_arn
)
except:
print("No private certificates for the private domain alb.workshop.com mapping to the ALB")
params = ['/dp-workshop/listener_arn',
'/dp-workshop/private_cert_arn',
'/dp-workshop/target_group_arn',
'/dp-workshop/subordinate_pca_arn',
'/dp-workshop/rootca_serial_number',
'/dp-workshop/subordinate_ca_serial_number',
'/dp-workshop/crl_bucket_name'
]
for param in params:
try:
ssm_client.delete_parameter(Name=param)
except ClientError as e:
print(("Parameter "+param+" not found in store, not deleted"))
print("\nEverything cleaned up, you are all good !!\n")
print("\nStep-9 cleanup has been successfully completed \n")
except:
print("Unexpected error:", sys.exc_info()[0])
raise
else:
exit(0)