cdk bootstrap - no destroy option

[ygoodmn]

Steps

1. run 'cdk bootstrap' creates S3 Bootstrap Bucket via cloudformation template.

2. run 'cdk bootstrap destroy' or 'cdk destroy'

Expected:
Informs you you need to remove the bootstrap bucket manually and then delete the cloudformation. (perhaps also the name and region with links)
Or : Removes the cloudformation S3 bucket , which could get below error.
-----The bucket you tried to delete is not empty (Service: Amazon S3; Status Code: 409; Error Code: BucketNotEmpty; Request ID:
Or: Option to delete the s3 bucket if empty

Current: S3 bucket not removed or no option to run.

Workaround:
Open console our use CLI to remove the s3 bucket created and the cloudformatin template

Note: Is it a standard use case to always run cdk bootstrap before initial deploy.

[RomainMuller]

The standard practice would be to run cdk bootstrap once per account/region pair you want to deploy CDK stuff into (using cdk deploy). You shouldn't need to destroy this ever (but I reckon you can if you don't intend on using the CDK anymore, or are not using the CDK toolkit for deployment).

[eladb]

I think there are use cases where people want to destroy the bootstrap stack, let alone cleaning the bucket up. Technically those buckets can fill up quite easily and incur unwanted costs for users.

I think we should support something like:

$ cdk bootstrap --destroy

And:

$ cdk boostrap --clean

[jungseoklee]

Is it a standard use case to always run cdk bootstrap before initial deploy.

As far as I know, if a template size is bigger than 50KB, cdk bootstrap turns into an essential step in order to upload the template to S3.

[Dzhuneyt]

Is it enough to just destroy the CloudFormation stack CDKToolkit that was created by the cdk bootstrap command as a measure to reverse the operation?

[Dzhuneyt]

This is also useful, for anyone who landed here: #1812 (comment)

[shivlaks]

Is it enough to just destroy the CloudFormation stack CDK Toolkit that was created by the cdk bootstrap command as a measure to reverse the operation

IIRC, If the bucket is non-empty, then the CloudFormation delete step will skip it. Only empty buckets can be deleted by destroying the stack.

[owenashurst]

Is it planned to add a delete command for this or are we just relying on the user deleting the CDKToolkit stack? Just out of curiosity

[nerdysolutions]

Just ran into this issue. i had a frontend that failed to deploy. part of that frontend deployment was a bunch of s3 buckets. i accidentally deleted the cdk staging bucket and got stuck not being able to do anything. would make total sense to be able to delete the bootstrap.

[nerdysolutions]

Thanks to this thread i was able to go into CloudFormation and delete the CDKToolkit template (otherwise I would have no idea) and then re-run cdk bootstrap after that. However, I agree it should be an option in the cli.

[moltar]

It is important to be able to un-bootstrap for the sakes of testing everything from 0 to 100%.

To clean up fast now:

aws cloudformation delete-stack --stack-name CDKToolkit
aws s3 ls | grep cdktoolkit # copy the name
aws s3 rb --force s3://cdktoolkit-stagingbucket-abcdef # replace the name here

Edit: added --force. Thanks to #986 (comment)

[apoorvmote]

I have been trying out cdk and I am really bad at naming. I named everything test. Now when I read cloudformation template I can't tell what is meaning of each test. But I was able to try out everything.

Now I would like to destory bootstrap s3 bucket and there is no option. Other than manual nuclear force delete.

@RomainMuller

The standard practice would be to run cdk bootstrap once per account/region pair you want to deploy CDK stuff into (using cdk deploy). You shouldn't need to destroy this ever (but I reckon you can if you don't intend on using the CDK anymore, or are not using the CDK toolkit for deployment).

Also within same account and within same region I plan to launch multiple project and I don't want to mix all of them into single cdk project. I want each project to have their own independant cdk project.

[apoorvmote]

PLEASE HELP

I manually deleted cdktoolkit-stagingbucket-xxx and now I tried to create another project and deploy.

Its successfully bootstrapping but it fails to deploy with following error.

[100%] fail: No bucket named 'cdktoolkit-stagingbucket-xxx'. Is account {account#} bootstrapped?

And here is when I cdk bootsrap again.

 ⏳  Bootstrapping environment aws://{account#}/eu-west-1...
 ✅  Environment aws://{account#}/eu-west-1 bootstrapped (no changes).

Again when I deploy it fails with error above

Solved

Just delete CDKToolkit named cloudformation stack from that region and bootstrap again. It worked.
Never going to manually delete anything. I almost got locked out of region for CDK.

[0xVesion]

It is important to be able to un-bootstrap for the sakes of testing everything from 0 to 100%.

To clean up fast now:

aws cloudformation delete-stack --stack-name CDKToolkit
aws s3 ls | grep cdktoolkit # copy the name
aws s3 rb s3://cdktoolkit-stagingbucket-abcdef # replace the name here

Thank you for this snippet! 👍
I needed to add --force to the last command to allow the deletion of a non empty s3 bucket.

[moltar]

Thanks @0xVesion for the correction. I edited my original comment to add the --force

[hertzsprung]

I couldn't successfully delete the CDKToolkit stack until the staging bucket was emptied. Building on earlier comments from @moltar and @0xVesion, I use:

cdk destroy
aws s3 rm --recursive s3://$(aws s3 ls | grep cdktoolkit | cut -d' ' -f3) # empty the cdktoolkit staging bucket
aws cloudformation delete-stack --stack-name CDKToolkit

[mimozell]

Would be nice to see some action on this item :)

[nikita-sheremet-clearscale]

The standard practice would be to run cdk bootstrap once per account/region pair you want to deploy CDK stuff into (using cdk deploy). You shouldn't need to destroy this ever (but I reckon you can if you don't intend on using the CDK anymore, or are not using the CDK toolkit for deployment).

But what if CDK bootstrap deploys bucket and ECR repo? How will pay for content in s3 bucket even when it is not used? Who will pay for ECR repository? What if one of my cloud applications is needed to remove? I will run cdk destroy and still pay for all file/image in bucket and ECR repo? What if some application pushed sensitive content via assets - I have to manually process all bootstrap bucket content to find and clean assets for one application - this is a lot of work.

Also what about the security? Some with access to CdkToolKit stack can break everything in my region and account?

In my opinion, it is much better to have multiple bootstrapped stacks per several (but not all!) cloud applications.

[nikita-sheremet-clearscale]

Also, look for your competitors in serverless framework - they create a bootstrap bucket per deployment or allow you to set this bucket and create it in a separate stack. They do not force users to bootstrap once.

[ghost]

Waiting for this, the concept to recreate 0% to 100% all cloud resources is a must on an automated environment 😄 , I know that the first resources like some initial IAM policies etc could not be automated at all. But all of resources that you can create with the initial IAM permissions should be deleted and created on easy way.

Any due date for that? Thanks in advance!

[TheRealAmazonKendra]

Related #19172

[github-actions]

This issue has received a significant amount of attention so we are automatically upgrading its priority. A member of the community will see the re-prioritization and provide an update on the issue.

[evgenyka]

Removing the bootstrap bucket could result in failures in future deployments, so we need to proceed with caution.
We will think about this one as part of aws/aws-cdk-rfcs#64.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[gshpychka]

Removing the bootstrap bucket could result in failures in future deployments, so we need to proceed with caution. We will think about this one as part of aws/aws-cdk-rfcs#64.

Sure, removing anything in the CDK toolkit stack could result in failures in future deployments - but people want to have that ability. The linked RFC does not cover destroying the CDKToolkit stack from the CLI, I believe that's a different issue.