Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cl 937 bedrock #33

Merged
merged 10 commits into from
Sep 17, 2024
Merged

Cl 937 bedrock #33

merged 10 commits into from
Sep 17, 2024

Conversation

corybekk
Copy link

@corybekk corybekk commented Sep 11, 2024
edited
Loading

Description

Added the bedrock-flowalias.go module for deleting bedrock flow-alias resources.
Added the bedrock-agentalias.go module for deleting bedrock agent-alias resources.

Observation

Note: Attempting to cleanup these resources in aws-nuke with their cloud control resource will result in the following errors:

  • Missing or invalid ResourceModel property in AWS::Bedrock::FlowAlias list handler request input.Required property: (#: required key [FlowArn] not found)"
  • Missing or invalid ResourceModel property in AWS::Bedrock::AgentAlias list handler request input.Required property: (#: required key [AgentId] not found)
BedrockFlowAlias:
- type: regex
value: ^TSTALIASID$

BedrockAgentAlias:
 - type: regex
value: ^AgentTestAlias$

Testing

you can use the bedrock.sh from the companion PR to create the flow and agent resources. It also might be helpful to comment out the other bedrock resources in the script unless they are already included in your cleanup config.

Output

Removal requested: 2 waiting, 0 failed, 1 skipped, 0 finished

us-east-1 - BedrockAgentAlias - test-alias - removed
us-east-1 - BedrockFlowAlias - test-aliast - removed

Removal requested: 0 waiting, 0 failed, 1 skipped, 2 finished

Nuke complete: 0 failed, 1 skipped, 2 finished.

dependabot bot and others added 7 commits June 5, 2024 08:55
@dependabot
Bump github.com/aws/aws-sdk-go from 1.53.10 to 1.53.15 in the golang …
4b8ea2e 
…group (rebuy-de#1229)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the golang group across 1 directory with 2 updates (rebuy-de#1238)
18db9cc 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump github.com/aws/aws-sdk-go from 1.54.7 to 1.54.19 in the golang g…
c24e393 
…roup across 1 directory (rebuy-de#1246)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@terraform-cluster-config
Add .editorconfig
bc5b576
@corybekk
Merge branch 'main' into CL-937-bedrock
4b66bbf
@corybekk
added bedrock agent alias module
0856ebf
@corybekk
added bedrock flow alias module
1a5034e
@corybekk corybekk marked this pull request as ready for review September 12, 2024 01:36
@corybekk corybekk requested a review from a team September 12, 2024 19:55
@sstoops
Copy link
Member

sstoops commented Sep 13, 2024

By default, aws has a few test aliases already in place. These can be filtered out:

Curious about this. If we already know the pattern, wouldn't we filter them out in this module like other modules do?

swhite-oreilly
swhite-oreilly suggested changes Sep 16, 2024
View reviewed changes
Copy link

@swhite-oreilly swhite-oreilly left a comment
edited by corybekk
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@corybekk we need to add properties functions similar to something like this as they are asking for those upstream:

func (f *CodePipelineCustomActionType) Properties() types.Properties {
	properties := types.NewProperties()
	properties.Set("Category", f.category)
	properties.Set("Owner", f.owner)
	properties.Set("Provider", f.provider)
	properties.Set("Version", f.version)
	return properties
}

@swhite-oreilly I thought this was optional. I am trying to find it, can you show me where it's being asked for upstream? Edit: Added them for good measure: 2e67160. Thanks for the callout.

@swhite-oreilly
Copy link

By default, aws has a few test aliases already in place. These can be filtered out:

Curious about this. If we already know the pattern, wouldn't we filter them out in this module like other modules do?

@corybekk something is wrong with the filtering as well, when I run nuke all resources are successful except for that alias.

us-east-1 - EC2DHCPOption - dopt-0c2bec040a523efd8 - [DefaultVPC: "true", OwnerID: "645924726894"] - failed
us-east-1 - EC2InternetGatewayAttachment - igw-03982505ddea1cafd -> vpc-03d495391e21bf4b5 - [DefaultVPC: "true", igw:OwnerID: "645924726894", vpc:OwnerID: "645924726894"] - triggered remove
us-east-1 - S3Bucket - s3://knowledge-base-bucket-ded926be3ee04e8e4434 - [CreationDate: "2024-09-10T17:49:08Z", Name: "knowledge-base-bucket-ded926be3ee04e8e4434"] - triggered remove
us-east-1 - S3Bucket - s3://knowledge-base-bucket-eb61941722fad76591a6 - [CreationDate: "2024-09-10T17:41:45Z", Name: "knowledge-base-bucket-eb61941722fad76591a6"] - triggered remove
us-east-1 - S3Bucket - s3://knowledgebase-atewqtawert - [CreationDate: "2024-09-10T16:59:31Z", Name: "knowledgebase-atewqtawert"] - triggered remove
us-east-1 - EC2InternetGateway - igw-03982505ddea1cafd - [DefaultVPC: "true", OwnerID: "645924726894"] - triggered remove
us-east-1 - EC2VPC - vpc-03d495391e21bf4b5 - [ID: "vpc-03d495391e21bf4b5", IsDefault: "true", OwnerID: "645924726894"] - failed
us-east-1 - BedrockAgentAlias - agent-2747f634555dd7e6a46f - triggered remove
us-east-1 - BedrockAgentAlias - AgentTestAlias - triggered remove
us-east-1 - BedrockAgentAlias - AgentTestAlias - triggered remove
us-east-1 - BedrockAgentAlias - agent-713d2e64207434d23887 - triggered remove
us-east-1 - BedrockFlowAlias - TSTALIASID - failed
us-east-1 - BedrockFlowAlias - flow-2747f634555dd7e6a46f - triggered remove
us-east-1 - EC2Subnet - subnet-0a2327abbf2d7a28c - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - triggered remove
us-east-1 - EC2Subnet - subnet-0b7cc4e152fda9aa1 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - triggered remove
us-east-1 - EC2Subnet - subnet-0d322b63b0ee3a648 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - triggered remove
us-east-1 - EC2Subnet - subnet-034f280eaa14af773 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - triggered remove
us-east-1 - EC2Subnet - subnet-03e9fab2b89928e47 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - triggered remove
us-east-1 - EC2Subnet - subnet-0e605d1258955a2fd - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - triggered remove
global - IAMUserPolicy - user-hykjvesjmxyj -> default - triggered remove
global - IAMUser - user-hykjvesjmxyj - [CreateDate: "2024-09-16T14:22:38Z", Name: "user-hykjvesjmxyj", tag:owner: "oreilly-cloudlabs"] - failed
global - IAMLoginProfile - user-hykjvesjmxyj - [UserName: "user-hykjvesjmxyj"] - triggered remove
global - IAMUserAccessKey - user-hykjvesjmxyj -> AKIAZMZA5FBXB6WA6Y56 - [AccessKeyID: "AKIAZMZA5FBXB6WA6Y56", CreateDate: "2024-09-16T14:22:39Z", UserName: "user-hykjvesjmxyj", tag:owner: "oreilly-cloudlabs"] - triggered remove
global - IAMRole - bedrock-agent-role-2747f634555dd7e6a46f - [CreateDate: "2024-09-16T14:32:36Z", LastUsedDate: "2024-09-16T14:32:36Z", Name: "bedrock-agent-role-2747f634555dd7e6a46f", Path: "/"] - triggered remove
global - IAMRole - bedrock-agent-role-713d2e64207434d23887 - [CreateDate: "2024-09-16T14:23:39Z", LastUsedDate: "2024-09-16T14:23:39Z", Name: "bedrock-agent-role-713d2e64207434d23887", Path: "/"] - triggered remove

Removal requested: 21 waiting, 4 failed, 469 skipped, 0 finished

us-east-1 - EC2DHCPOption - dopt-0c2bec040a523efd8 - [DefaultVPC: "true", OwnerID: "645924726894"] - failed
us-east-1 - EC2InternetGatewayAttachment - igw-03982505ddea1cafd -> vpc-03d495391e21bf4b5 - [DefaultVPC: "true", igw:OwnerID: "645924726894", vpc:OwnerID: "645924726894"] - waiting
us-east-1 - S3Bucket - s3://knowledge-base-bucket-ded926be3ee04e8e4434 - [CreationDate: "2024-09-10T17:49:08Z", Name: "knowledge-base-bucket-ded926be3ee04e8e4434"] - waiting
us-east-1 - S3Bucket - s3://knowledge-base-bucket-eb61941722fad76591a6 - [CreationDate: "2024-09-10T17:41:45Z", Name: "knowledge-base-bucket-eb61941722fad76591a6"] - waiting
us-east-1 - S3Bucket - s3://knowledgebase-atewqtawert - [CreationDate: "2024-09-10T16:59:31Z", Name: "knowledgebase-atewqtawert"] - waiting
us-east-1 - EC2InternetGateway - igw-03982505ddea1cafd - [DefaultVPC: "true", OwnerID: "645924726894"] - waiting
us-east-1 - EC2VPC - vpc-03d495391e21bf4b5 - [ID: "vpc-03d495391e21bf4b5", IsDefault: "true", OwnerID: "645924726894"] - removed
us-east-1 - BedrockAgentAlias - agent-2747f634555dd7e6a46f - waiting
us-east-1 - BedrockAgentAlias - AgentTestAlias - waiting
us-east-1 - BedrockAgentAlias - AgentTestAlias - waiting
us-east-1 - BedrockAgentAlias - agent-713d2e64207434d23887 - waiting
us-east-1 - BedrockFlowAlias - TSTALIASID - failed
us-east-1 - BedrockFlowAlias - flow-2747f634555dd7e6a46f - waiting
us-east-1 - EC2Subnet - subnet-0a2327abbf2d7a28c - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - waiting
us-east-1 - EC2Subnet - subnet-0b7cc4e152fda9aa1 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - waiting
us-east-1 - EC2Subnet - subnet-0d322b63b0ee3a648 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - waiting
us-east-1 - EC2Subnet - subnet-034f280eaa14af773 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - waiting
us-east-1 - EC2Subnet - subnet-03e9fab2b89928e47 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - waiting
us-east-1 - EC2Subnet - subnet-0e605d1258955a2fd - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - waiting
global - IAMUserPolicy - user-hykjvesjmxyj -> default - waiting
global - IAMUser - user-hykjvesjmxyj - [CreateDate: "2024-09-16T14:22:38Z", Name: "user-hykjvesjmxyj", tag:owner: "oreilly-cloudlabs"] - removed
global - IAMLoginProfile - user-hykjvesjmxyj - [UserName: "user-hykjvesjmxyj"] - waiting
global - IAMUserAccessKey - user-hykjvesjmxyj -> AKIAZMZA5FBXB6WA6Y56 - [AccessKeyID: "AKIAZMZA5FBXB6WA6Y56", CreateDate: "2024-09-16T14:22:39Z", UserName: "user-hykjvesjmxyj", tag:owner: "oreilly-cloudlabs"] - waiting
global - IAMRole - bedrock-agent-role-2747f634555dd7e6a46f - [CreateDate: "2024-09-16T14:32:36Z", LastUsedDate: "2024-09-16T14:32:36Z", Name: "bedrock-agent-role-2747f634555dd7e6a46f", Path: "/"] - waiting
global - IAMRole - bedrock-agent-role-713d2e64207434d23887 - [CreateDate: "2024-09-16T14:23:39Z", LastUsedDate: "2024-09-16T14:23:39Z", Name: "bedrock-agent-role-713d2e64207434d23887", Path: "/"] - waiting

Removal requested: 21 waiting, 2 failed, 469 skipped, 2 finished

us-east-1 - EC2DHCPOption - dopt-0c2bec040a523efd8 - [DefaultVPC: "true", OwnerID: "645924726894"] - removed
us-east-1 - EC2InternetGatewayAttachment - igw-03982505ddea1cafd -> vpc-03d495391e21bf4b5 - [DefaultVPC: "true", igw:OwnerID: "645924726894", vpc:OwnerID: "645924726894"] - removed
us-east-1 - S3Bucket - s3://knowledge-base-bucket-ded926be3ee04e8e4434 - [CreationDate: "2024-09-10T17:49:08Z", Name: "knowledge-base-bucket-ded926be3ee04e8e4434"] - removed
us-east-1 - S3Bucket - s3://knowledge-base-bucket-eb61941722fad76591a6 - [CreationDate: "2024-09-10T17:41:45Z", Name: "knowledge-base-bucket-eb61941722fad76591a6"] - removed
us-east-1 - S3Bucket - s3://knowledgebase-atewqtawert - [CreationDate: "2024-09-10T16:59:31Z", Name: "knowledgebase-atewqtawert"] - removed
us-east-1 - EC2InternetGateway - igw-03982505ddea1cafd - [DefaultVPC: "true", OwnerID: "645924726894"] - removed
us-east-1 - BedrockAgentAlias - agent-2747f634555dd7e6a46f - removed
us-east-1 - BedrockAgentAlias - AgentTestAlias - removed
us-east-1 - BedrockAgentAlias - AgentTestAlias - removed
us-east-1 - BedrockAgentAlias - agent-713d2e64207434d23887 - removed
us-east-1 - BedrockFlowAlias - TSTALIASID - failed
us-east-1 - BedrockFlowAlias - flow-2747f634555dd7e6a46f - removed
us-east-1 - EC2Subnet - subnet-0a2327abbf2d7a28c - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - removed
us-east-1 - EC2Subnet - subnet-0b7cc4e152fda9aa1 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - removed
us-east-1 - EC2Subnet - subnet-0d322b63b0ee3a648 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - removed
us-east-1 - EC2Subnet - subnet-034f280eaa14af773 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - removed
us-east-1 - EC2Subnet - subnet-03e9fab2b89928e47 - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - removed
us-east-1 - EC2Subnet - subnet-0e605d1258955a2fd - [DefaultForAz: "true", DefaultVPC: "true", OwnerID: "645924726894"] - removed
global - IAMUserPolicy - user-hykjvesjmxyj -> default - removed
global - IAMLoginProfile - user-hykjvesjmxyj - [UserName: "user-hykjvesjmxyj"] - removed
global - IAMUserAccessKey - user-hykjvesjmxyj -> AKIAZMZA5FBXB6WA6Y56 - [AccessKeyID: "AKIAZMZA5FBXB6WA6Y56", CreateDate: "2024-09-16T14:22:39Z", UserName: "user-hykjvesjmxyj", tag:owner: "oreilly-cloudlabs"] - removed
global - IAMRole - bedrock-agent-role-2747f634555dd7e6a46f - [CreateDate: "2024-09-16T14:32:36Z", LastUsedDate: "2024-09-16T14:32:36Z", Name: "bedrock-agent-role-2747f634555dd7e6a46f", Path: "/"] - removed
global - IAMRole - bedrock-agent-role-713d2e64207434d23887 - [CreateDate: "2024-09-16T14:23:39Z", LastUsedDate: "2024-09-16T14:23:39Z", Name: "bedrock-agent-role-713d2e64207434d23887", Path: "/"] - removed

Removal requested: 0 waiting, 1 failed, 469 skipped, 24 finished

us-east-1 - BedrockFlowAlias - TSTALIASID - failed

Removal requested: 0 waiting, 1 failed, 469 skipped, 24 finished

us-east-1 - BedrockFlowAlias - TSTALIASID - failed

Removal requested: 0 waiting, 1 failed, 469 skipped, 24 finished

ERRO[0146] There are resources in failed state, but none are ready for deletion, anymore. 

us-east-1 - BedrockFlowAlias - TSTALIASID - failed
ERRO[0146] ValidationException: The test alias TSTALIASID can't be updated. Retry your request with a valid alias ID.
{
  RespMetadata: {
    StatusCode: 400,
    RequestID: "21b8f644-77d7-463a-a0ab-a1187f68eb29"
  },
  Message_: "The test alias TSTALIASID can't be updated. Retry your request with a valid alias ID."
} 
Error: failed

@corybekk
Copy link
Author

corybekk commented Sep 16, 2024
edited
Loading

By default, aws has a few test aliases already in place. These can be filtered out:

Curious about this. If we already know the pattern, wouldn't we filter them out in this module like other modules do?

Thanks @sstoops for pointing that out! I didn't realize there was an optional filter function being used in the pattern. Ive added it 5ea0b67 and will remove the settings.py filter that is in the companion PR.

here is the updated output.

aws-nuke version unknown - unknown - unknown

Do you really want to nuke the account with the ID 620827644785 and the alias 'alias-620827644785'?
Waiting 3s before continuing.
us-east-1 - BedrockAgentAlias - agent-f94292b06d0cafe49a13 - would remove
us-east-1 - BedrockAgentAlias - AgentTestAlias - cannot delete AWS managed Agent Alias
us-east-1 - BedrockFlowAlias - TSTALIASID - cannot delete AWS managed Flow Alias
us-east-1 - BedrockFlowAlias - flow-f94292b06d0cafe49a13 - would remove
Scan complete: 4 total, 2 nukeable, 2 filtered.

Do you really want to nuke these resources on the account with the ID 620827644785 and the alias 'alias-

us-east-1 - BedrockAgentAlias - agent-f94292b06d0cafe49a13 - removed
us-east-1 - BedrockFlowAlias - flow-f94292b06d0cafe49a13 - removed

Removal requested: 0 waiting, 0 failed, 2 skipped, 2 finished

Nuke complete: 0 failed, 2 skipped, 2 finished.

edit: I removed the agent alias filter. It looks like we don't need it after all. 1e5142c

@corybekk
Copy link
Author

@corybekk something is wrong with the filtering as well, when I run nuke all resources are successful except for that alias.

@swhite-oreilly it looks like you weren't filtering out the alias. It needs to be added to config.yml. Nonetheless, as per Seans comment, I have added filtering here: 5ea0b67. You should now get this as output:

us-east-1 - BedrockFlowAlias - TSTALIASID - cannot delete AWS managed Flow Alias

I also removed the agent alias because it looks like in your example you had no issues with it. I also tested locally and didn't see the alias pop up. I'm doing a little more research on this alias. Just to make sure we really don't need it.

swhite-oreilly
swhite-oreilly approved these changes Sep 16, 2024
View reviewed changes
Copy link

@swhite-oreilly swhite-oreilly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@corybekk pending my question to Sean regarding the go/editorconfig changes, I think this looks good. Thanks for adding the filter, I just had the original team ask for these as part of the standard setup going forward. The filtering worked correctly as well, thanks!

.editorconfig
@@ -0,0 +1,132 @@
# Distributed via https://github.com/rebuy-de/terraform-cluster-config
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@corybekk I think we should probably address these editorconfig and go changes via a separate PR from main to oreilly-main. @sstoops what are your thoughts here? How were you rolling these changes in before?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly, I think you've hacked on aws nuke more than I have at this point! It does look like the result of main not having been merged over to oreilly-main first. I'm not sure it's a big deal (especially given our entire uncertain future with aws nuke).

@corybekk corybekk merged commit 336fed8 into oreilly-main Sep 17, 2024
1 check passed
corybekk pushed a commit that referenced this pull request Nov 6, 2024
@ekristen
Improving Internal Tools and Documentation (#33)
17e590e 
* docs: add note about continued attribution

* chore: improve internal tooling
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sstoops sstoops sstoops left review comments

@swhite-oreilly swhite-oreilly swhite-oreilly approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@corybekk @sstoops @swhite-oreilly