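#!/usr/bin/env bash
# remove-app.sh — Tear down all AWS resources for Notes App
#
# Usage: source .env && ./remove-app.sh
#   AWS_REGION and AWS_ACCOUNT_ID must be *exported* by .env (or otherwise be
#   in the environment); plain assignments in a sourced file are not inherited
#   by this child process.
#
# Every step is best-effort, so the script can be re-run after a partial
# teardown. A step that fails is reported on stderr and counted, and the
# closing summary only claims success when nothing failed. The exit status
# stays 0 either way.
#
# IRREVERSIBLE: the RDS instance is deleted without a final snapshot, the
# Secrets Manager secret is deleted without a recovery window, and the ECR
# repositories are force-deleted together with their images.
set -euo pipefail

: "${AWS_REGION:?Set AWS_REGION}"
: "${AWS_ACCOUNT_ID:?Set AWS_ACCOUNT_ID}"

APP="notes-app"
CLUSTER="${APP}-cluster"
FAILED=0 # number of teardown steps that returned an error

log() { printf '▶ %s\n' "$*"; }
warn() { printf '⚠ %s\n' "$*" >&2; }

#######################################
# Run one best-effort teardown command.
# Globals:   FAILED (incremented when the command fails)
# Arguments: $1 - short description used in the warning
#            $2.. - command and its arguments
# Outputs:   on failure, the command's stderr as a warning on stderr
# Returns:   always 0, so `set -e` never aborts the teardown half-way
#######################################
try() {
  local desc=$1 err
  shift
  # Capture stderr only; stdout is discarded, as it was with --output none.
  if ! err=$("$@" 2>&1 >/dev/null); then
    FAILED=$((FAILED + 1))
    warn "${desc} failed (resource may already be gone): ${err}"
  fi
}

# ── 0. Confirm the target account ─────────────────────────────────────────────
# AWS_ACCOUNT_ID is mandatory above; compare it with the account the active
# credentials resolve to, so a wrong profile cannot wipe a different account.
CALLER_ACCOUNT=$(aws sts get-caller-identity --query "Account" --output text \
  --region "$AWS_REGION") || {
  warn "Could not determine the caller's AWS account; nothing was deleted."
  exit 1
}
if [ "$CALLER_ACCOUNT" != "$AWS_ACCOUNT_ID" ]; then
  warn "Credentials belong to account ${CALLER_ACCOUNT}, expected ${AWS_ACCOUNT_ID}; nothing was deleted."
  exit 1
fi

# ── 1. Scale down ECS services ────────────────────────────────────────────────
log "Scaling down ECS services..."
for SVC in "${APP}-backend" "${APP}-frontend"; do
  try "Scaling down ${SVC}" \
    aws ecs update-service --cluster "$CLUSTER" --service "$SVC" \
    --desired-count 0 --region "$AWS_REGION" --output none
done

log "Waiting for tasks to stop..."
try "Waiting for ECS services to stabilise" \
  aws ecs wait services-stable --cluster "$CLUSTER" \
  --services "${APP}-backend" "${APP}-frontend" --region "$AWS_REGION"

# ── 2. Delete ECS services ────────────────────────────────────────────────────
log "Deleting ECS services..."
for SVC in "${APP}-backend" "${APP}-frontend"; do
  try "Deleting ECS service ${SVC}" \
    aws ecs delete-service --cluster "$CLUSTER" --service "$SVC" \
    --force --region "$AWS_REGION" --output none
done

# ── 3. Deregister task definitions ────────────────────────────────────────────
log "Deregistering task definitions..."
for FAMILY in "${APP}-backend" "${APP}-frontend"; do
  ARNS=$(aws ecs list-task-definitions --family-prefix "$FAMILY" \
    --query "taskDefinitionArns" --output text \
    --region "$AWS_REGION" 2>/dev/null || true)
  # Word splitting is intended: text output separates ARNs with whitespace.
  # shellcheck disable=SC2086
  for ARN in $ARNS; do
    try "Deregistering ${ARN}" \
      aws ecs deregister-task-definition --task-definition "$ARN" \
      --region "$AWS_REGION" --output none
  done
done

# ── 4. Delete ECS cluster ─────────────────────────────────────────────────────
log "Deleting ECS cluster..."
try "Deleting ECS cluster ${CLUSTER}" \
  aws ecs delete-cluster --cluster "$CLUSTER" --region "$AWS_REGION" --output none

# ── 5. Delete ALB, listeners, target groups ───────────────────────────────────
log "Deleting ALB..."
ALB_ARN=$(aws elbv2 describe-load-balancers --names "${APP}-alb" \
  --query "LoadBalancers[0].LoadBalancerArn" --output text \
  --region "$AWS_REGION" 2>/dev/null || echo "")
if [ -n "$ALB_ARN" ] && [ "$ALB_ARN" != "None" ]; then
  # Delete listeners first
  LISTENER_ARNS=$(aws elbv2 describe-listeners --load-balancer-arn "$ALB_ARN" \
    --query "Listeners[*].ListenerArn" --output text \
    --region "$AWS_REGION" 2>/dev/null || true)
  # shellcheck disable=SC2086
  for L in $LISTENER_ARNS; do
    try "Deleting listener ${L}" \
      aws elbv2 delete-listener --listener-arn "$L" \
      --region "$AWS_REGION" --output none
  done
  try "Deleting load balancer ${APP}-alb" \
    aws elbv2 delete-load-balancer --load-balancer-arn "$ALB_ARN" \
    --region "$AWS_REGION" --output none
  log "Waiting for ALB to be deleted..."
  try "Waiting for load balancer deletion" \
    aws elbv2 wait load-balancers-deleted --load-balancer-arns "$ALB_ARN" \
    --region "$AWS_REGION"
fi

log "Deleting target groups..."
for TG_NAME in "${APP}-frontend-tg" "${APP}-backend-tg"; do
  TG_ARN=$(aws elbv2 describe-target-groups --names "$TG_NAME" \
    --query "TargetGroups[0].TargetGroupArn" --output text \
    --region "$AWS_REGION" 2>/dev/null || echo "")
  if [ -n "$TG_ARN" ] && [ "$TG_ARN" != "None" ]; then
    try "Deleting target group ${TG_NAME}" \
      aws elbv2 delete-target-group --target-group-arn "$TG_ARN" \
      --region "$AWS_REGION" --output none
  fi
done

# ── 6. Delete RDS instance ────────────────────────────────────────────────────
# --skip-final-snapshot: the database contents cannot be restored afterwards.
log "Deleting RDS instance (skip final snapshot)..."
try "Deleting RDS instance ${APP}-db" \
  aws rds delete-db-instance \
  --db-instance-identifier "${APP}-db" \
  --skip-final-snapshot \
  --region "$AWS_REGION" --output none

log "Waiting for RDS to be deleted (this takes ~5 min)..."
try "Waiting for RDS deletion" \
  aws rds wait db-instance-deleted \
  --db-instance-identifier "${APP}-db" --region "$AWS_REGION"

# ── 7. Delete ECR repositories ────────────────────────────────────────────────
# --force removes each repository even when it still holds images.
log "Deleting ECR repositories..."
for REPO in "${APP}-backend" "${APP}-frontend"; do
  try "Deleting ECR repository ${REPO}" \
    aws ecr delete-repository --repository-name "$REPO" \
    --force --region "$AWS_REGION" --output none
done

# ── 8. Delete security groups ─────────────────────────────────────────────────
log "Deleting security groups..."
# Best-effort like every other lookup: a failure here must not abort the script
# before the secret, the log groups and the IAM role have been cleaned up.
VPC_ID=$(aws ec2 describe-vpcs --filters "Name=isDefault,Values=true" \
  --query "Vpcs[0].VpcId" --output text \
  --region "$AWS_REGION" 2>/dev/null || echo "")
if [ -z "$VPC_ID" ] || [ "$VPC_ID" = "None" ]; then
  FAILED=$((FAILED + 1))
  warn "Default VPC lookup failed; security groups were NOT deleted."
else
  # NOTE(review): if one of these groups is referenced by another group's
  # rules, its deletion is rejected; the warning from try() makes that visible.
  for SG_NAME in "${APP}-ecs-sg" "${APP}-rds-sg" "${APP}-alb-sg"; do
    SG_ID=$(aws ec2 describe-security-groups \
      --filters "Name=group-name,Values=${SG_NAME}" "Name=vpc-id,Values=${VPC_ID}" \
      --query "SecurityGroups[0].GroupId" --output text \
      --region "$AWS_REGION" 2>/dev/null || echo "")
    if [ -n "$SG_ID" ] && [ "$SG_ID" != "None" ]; then
      try "Deleting security group ${SG_NAME}" \
        aws ec2 delete-security-group --group-id "$SG_ID" \
        --region "$AWS_REGION" --output none
    fi
  done
fi

# ── 9. Delete Secrets Manager secret ──────────────────────────────────────────
# --force-delete-without-recovery: no recovery window, the secret is gone.
log "Deleting secret..."
try "Deleting secret ${APP}/db-password" \
  aws secretsmanager delete-secret \
  --secret-id "${APP}/db-password" \
  --force-delete-without-recovery \
  --region "$AWS_REGION" --output none

# ── 10. Delete CloudWatch log groups ──────────────────────────────────────────
# The log groups are the audit trail of the application; export them first if
# they are still needed.
log "Deleting CloudWatch log groups..."
try "Deleting log group /ecs/${APP}/backend" \
  aws logs delete-log-group --log-group-name "/ecs/${APP}/backend" \
  --region "$AWS_REGION"
try "Deleting log group /ecs/${APP}/frontend" \
  aws logs delete-log-group --log-group-name "/ecs/${APP}/frontend" \
  --region "$AWS_REGION"

# ── 11. Detach and delete IAM role ────────────────────────────────────────────
# delete-role is rejected while other policies are still attached to the role;
# a leftover role keeps its trust policy, so a failure here is worth a look.
log "Cleaning up IAM role..."
try "Detaching execution policy from ${APP}-exec-role" \
  aws iam detach-role-policy \
  --role-name "${APP}-exec-role" \
  --policy-arn "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
try "Deleting IAM role ${APP}-exec-role" \
  aws iam delete-role --role-name "${APP}-exec-role"

echo ""
echo "════════════════════════════════════════════════════════════"
if [ "$FAILED" -eq 0 ]; then
  echo " ✅ All resources removed."
else
  echo " ⚠ Teardown finished with ${FAILED} failed step(s); see warnings above."
  echo " Some resources may still exist; verify before treating the account as clean."
fi
echo " Note: ACM certificate was NOT deleted (manual step)."
echo " To delete: aws acm delete-certificate --certificate-arn <CERTIFICATE_ARN>"
echo "════════════════════════════════════════════════════════════"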