-
Notifications
You must be signed in to change notification settings - Fork 0
/
delete-resources.sh
executable file
·45 lines (37 loc) · 1.4 KB
/
delete-resources.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/usr/bin/env bash
export NAMESPACE=vault
export BUCKET_NAME=PUT_YOUR_BUCKET_NAME # Replace here with what you want to use for your bucket name
export REGION=ap-northeast-2
export AWS_PROFILE_NAME=EXAMPLE # Replace here with your AWS_PROFILE_NAME here
export AWS_ACCOUNT_NUMBER=$(aws sts get-caller-identity \
--profile $AWS_PROFILE_NAME | jq -r '.Account')
export POLICY_ARN="arn:aws:iam::$AWS_ACCOUNT_NUMBER:policy/vault-snapshot-agent"
kubectl delete secret vault-snapshot-agent-token -n $NAMESPACE
kubectl delete secret aws-secret -n $NAMESPACE
aws s3 rb s3://$BUCKET_NAME \
--profile $AWS_PROFILE_NAME \
--force \
--no-cli-pager
aws iam list-access-keys \
--profile $AWS_PROFILE_NAME \
--user-name vault-snapshot-agent \
--no-cli-pager | jq -r '.AccessKeyMetadata[].AccessKeyId' | xargs -I {} aws iam delete-access-key \
--profile $AWS_PROFILE_NAME \
--user-name vault-snapshot-agent \
--access-key-id {} \
--no-cli-pager
aws iam detach-user-policy \
--profile $AWS_PROFILE_NAME \
--user-name vault-snapshot-agent \
--policy-arn $POLICY_ARN
# aws iam delete-access-key \
# --profile $AWS_PROFILE_NAME \
# --user-name vault-snapshot-agent
aws iam delete-user \
--profile $AWS_PROFILE_NAME \
--user-name vault-snapshot-agent \
--no-cli-pager
aws iam delete-policy \
--profile $AWS_PROFILE_NAME \
--policy-arn $POLICY_ARN \
--no-cli-pager