Uninstall the solution - Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US)

Uninstall the solution

To uninstall this solution, first remove all third-party and custom dependencies and resources that have been deployed on top of the solution, such as Next Generation Firewalls (NGFWs).

Resources that have been deployed into accounts that have been created using the GovCloud Account Vending Machine Service Catalog product, such as hosted tenant workloads, must be manually deleted.

AWS accounts that have been created by this solution, such as the Logging, Transit, and Management services accounts, will not be deleted. To close them, follow the instructions in Close an AWS Account.

Note

This solution can be redeployed to these same accounts if the same email addresses used to create the accounts are used as input parameters to the AWS CloudFormation template.

This solution includes Python scripts to allow you to uninstall the solution.

Using AWS Command Line Interface

Prerequisites

To utilize the Compliant Framework uninstallation scripts, you must have both the AWS Command Line Interface (AWS CLI) and Python version 3.8 or later installed. You must also have access to clone the solution’s GitHub repository.

AWS CLI

The AWS CLI allows you to interact with AWS services from a terminal session. Ensure that you have the latest version of the AWS CLI installed on your system.

For more details, refer to Installing, updating, and uninstalling the AWS CLI in the AWS Command Line Interface User Guide.

Python

To uninstall the solution you must have Python version 3.8 or later. For information about downloading and installing Python, refer to the Python website.

If you use Windows, ensure that Python is on your PATH.

To check that Python is on your path, type python in a command prompt.

If you already have Python installed, but it’s not on your PATH, add it by editing the PATH environment variable: under System Properties, on the Advanced page, select Environment Variables.

If you are installing Python, select the Add Python 3.x to PATH checkbox on the first screen of the Python installer wizard to ensure that Python is on your PATH.

Uninstallation

  1. Use Git to clone a local copy of the Compliant Framework from GitHub.

    $ git clone https://github.com/awslabs/compliant-framework-for-federal-and-dod-workloads-in-aws-govcloud-us.git compliant-framework
  2. Switch directories to the framework-nuke directory.

    $ cd ./compliant-framework/deployment/framework-nuke
  3. Uninstall this solution by reversing the steps used to deploy the solution. Start by removing the AWS CodePipeline pipelines that were deployed in the Central AWS GovCloud (US) account.

    1. Configure your AWS CLI environment to use the Central AWS GovCloud (US) Account.

      $ aws configure
      AWS Access Key ID [***]: << GOVCLOUD ACCESS KEY ID >>
      AWS Secret Access Key [***]: << GOVCLOUD SECRET ACCESS KEY >>
      Default region name [us-east-1]: us-gov-west-1
      Default output format [json]: << enter >>
    2. Run framework_nuke_environment.py. This script deletes all resources deployed by the AWS CodePipeline compliant-framework-environment-pipeline pipeline into the AWS GovCloud (US) accounts, including the CodePipeline itself.

      $ python framework_nuke_environment.py --logging-id <logging_account_id> --transit-west-id <transit_account_id> --management-west-id <management_services_account_id>

      Example:

      $ python framework_nuke_environment.py --logging-id 111111111111 --transit-west-id 222222222222 --management-west-id 333333333333
    3. Run framework_nuke_core.py. This script deletes all resources deployed by the CodePipeline compliant-framework-core-pipeline pipeline into the AWS GovCloud (US) accounts, including the CodePipeline itself.

      $ python framework_nuke_core.py --logging-id <logging_account_id>

      Example:

      $ python framework_nuke_core.py --logging-id 111111111111
  4. After you delete the solution from your AWS GovCloud accounts, you can use the following steps to delete the AWS CloudFormation template from the Commercial Central account:

    1. Configure your AWS CLI environment to use the Central Commercial account.

      $ aws configure
      AWS Access Key ID [***]: << COMMERCIAL ACCESS KEY ID >>
      AWS Secret Access Key [***]: << COMMERCIAL SECRET ACCESS KEY >>
      Default region name [us-east-1]: us-east-1
      Default output format [json]: << enter >>
    2. Delete the stack.

      $ aws cloudformation delete-stack --stack-name compliant-framework
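
Because steps 3 and 4 switch the AWS CLI between GovCloud and Commercial credentials before running destructive commands, a pre-flight check of the active identity is useful. The following is an added example, not part of the solution's repository: the file name `preflight.py`, its function names, and the rule that the Central account must differ from the target accounts are assumptions. It relies only on the AWS CLI command `aws sts get-caller-identity`.

```python
import json
import re
import subprocess
import sys

# Caller ARNs look like arn:<partition>:iam::<account>:user/... or
# arn:<partition>:sts::<account>:assumed-role/...
CALLER_ARN = re.compile(r"arn:(aws|aws-us-gov|aws-cn):(?:iam|sts)::([0-9]{12}):.+")
ACCOUNT_ID = re.compile(r"[0-9]{12}")


def parse_caller_arn(arn):
    """Return (partition, account_id) for an IAM or STS caller ARN."""
    match = CALLER_ARN.fullmatch(arn)
    if match is None:
        raise ValueError(f"unrecognized caller ARN: {arn!r}")
    return match.group(1), match.group(2)


def preflight(caller_arn, expected_partition, target_ids):
    """Return a list of problems; an empty list means the run may proceed."""
    problems = []
    partition, caller_account = parse_caller_arn(caller_arn)
    if partition != expected_partition:
        problems.append(f"credentials are in partition {partition}, expected {expected_partition}")
    for option, value in target_ids.items():
        if ACCOUNT_ID.fullmatch(value) is None:
            problems.append(f"{option} is not a 12-digit account ID: {value!r}")
    if len(set(target_ids.values())) != len(target_ids):
        problems.append("two options share the same account ID")
    # Assumption: the Central account differs from the accounts the solution created.
    if caller_account in target_ids.values():
        problems.append(f"caller account {caller_account} is itself a target account")
    return problems


def current_caller_arn():
    """Ask the AWS CLI which identity the configured credentials resolve to."""
    result = subprocess.run(["aws", "sts", "get-caller-identity", "--output", "json"],
                            check=True, capture_output=True, text=True)
    return json.loads(result.stdout)["Arn"]


if __name__ == "__main__":
    # Usage: python preflight.py <logging_id> <transit_id> <management_id>
    options = ("--logging-id", "--transit-west-id", "--management-west-id")
    issues = preflight(current_caller_arn(), "aws-us-gov", dict(zip(options, sys.argv[1:4])))
    for issue in issues:
        print("BLOCKED:", issue)
    sys.exit(1 if issues else 0)
```

Before the `delete-stack` command in step 4, the same `preflight` function can be called with `"aws"` as the expected partition and an empty dictionary of target IDs.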