zkt26/sk1/remove-app.sh


#!/usr/bin/env bash
# remove-app.sh — Tear down all AWS resources for Notes App
# Usage: source .env && ./remove-app.sh   (.env must export AWS_REGION and AWS_ACCOUNT_ID)
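set -euo pipefail
: "${AWS_REGION:?Set AWS_REGION}"
: "${AWS_ACCOUNT_ID:?Set AWS_ACCOUNT_ID}"

# Every resource name this script deletes is derived from APP.
APP="notes-app"
CLUSTER="${APP}-cluster"

# Safety guard for an irreversible teardown: the deletions below run against
# whatever account the ambient credentials/profile resolve to. Compare that
# account with the one the operator declared in AWS_ACCOUNT_ID and stop before
# touching anything if they differ (for example, a stale profile from another
# environment). A failing identity call also aborts here because of `set -e`.
ACTIVE_ACCOUNT_ID=$(aws sts get-caller-identity \
  --query Account --output text --region "$AWS_REGION")
if [ "$ACTIVE_ACCOUNT_ID" != "$AWS_ACCOUNT_ID" ]; then
  printf 'ERROR: credentials resolve to account %s but AWS_ACCOUNT_ID is %s; refusing to delete anything.\n' \
    "$ACTIVE_ACCOUNT_ID" "$AWS_ACCOUNT_ID" >&2
  exit 1
fi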
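# log MESSAGE...: print the arguments, joined by spaces, as one line on stdout.
# printf is used instead of echo so that a message starting with an echo
# option (such as "-n" or "-e") is printed literally instead of being consumed.
log() {
  printf '%s\n' "$*"
}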
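# ── Best-effort helpers ───────────────────────────────────────────────────────
# Every step below stays best-effort so that one missing resource does not stop
# the rest of the teardown. Failures are reported and counted instead of being
# discarded: a silently skipped delete leaves billable and potentially
# reachable resources (load balancer, security groups, IAM role, secret)
# behind while the operator believes they are gone.
FAILURES=0

# warn_failed WHAT: report a failed step on stderr and count it.
warn_failed() {
  log "WARN: $1 failed; the resource may still exist (AWS CLI error shown above)" >&2
  FAILURES=$((FAILURES + 1))
}

# attempt WHAT CMD [ARGS...]: run CMD with stdout discarded and stderr kept.
# stdout is dropped with a redirect rather than `--output none`: `none` is not
# among the long-documented AWS CLI output formats (json, text, table, yaml,
# yaml-stream), and a CLI that rejects it fails at argument parsing, so the
# command would never run and, with stderr hidden, nobody would notice.
attempt() {
  local what=$1
  shift
  "$@" >/dev/null || warn_failed "$what"
}

# ── 1. Scale down ECS services ────────────────────────────────────────────────
log "Scaling down ECS services..."
for SVC in "${APP}-backend" "${APP}-frontend"; do
  attempt "scale down ECS service ${SVC}" \
    aws ecs update-service --cluster "$CLUSTER" --service "$SVC" \
    --desired-count 0 --region "$AWS_REGION"
done
log "Waiting for tasks to stop..."
attempt "wait for ECS services to become stable" \
  aws ecs wait services-stable --cluster "$CLUSTER" \
  --services "${APP}-backend" "${APP}-frontend" --region "$AWS_REGION"

# ── 2. Delete ECS services ────────────────────────────────────────────────────
log "Deleting ECS services..."
for SVC in "${APP}-backend" "${APP}-frontend"; do
  attempt "delete ECS service ${SVC}" \
    aws ecs delete-service --cluster "$CLUSTER" --service "$SVC" \
    --force --region "$AWS_REGION"
done

# ── 3. Deregister task definitions ───────────────────────────────────────────
log "Deregistering task definitions..."
for FAMILY in "${APP}-backend" "${APP}-frontend"; do
  ARNS=$(aws ecs list-task-definitions --family-prefix "$FAMILY" \
    --query "taskDefinitionArns" --output text --region "$AWS_REGION") \
    || { ARNS=""; warn_failed "list task definitions for ${FAMILY}"; }
  # Intentionally unquoted: text output is a whitespace-separated list of ARNs.
  for ARN in $ARNS; do
    attempt "deregister task definition ${ARN}" \
      aws ecs deregister-task-definition --task-definition "$ARN" \
      --region "$AWS_REGION"
  done
done

# ── 4. Delete ECS cluster ─────────────────────────────────────────────────────
log "Deleting ECS cluster..."
attempt "delete ECS cluster ${CLUSTER}" \
  aws ecs delete-cluster --cluster "$CLUSTER" --region "$AWS_REGION"

# ── 5. Delete ALB, listeners, target groups ───────────────────────────────────
log "Deleting ALB..."
ALB_ARN=$(aws elbv2 describe-load-balancers --names "${APP}-alb" \
  --query "LoadBalancers[0].LoadBalancerArn" --output text --region "$AWS_REGION") \
  || { ALB_ARN=""; warn_failed "look up ALB ${APP}-alb"; }
if [ -n "$ALB_ARN" ] && [ "$ALB_ARN" != "None" ]; then
  # Delete listeners first
  LISTENER_ARNS=$(aws elbv2 describe-listeners --load-balancer-arn "$ALB_ARN" \
    --query "Listeners[*].ListenerArn" --output text --region "$AWS_REGION") \
    || { LISTENER_ARNS=""; warn_failed "list listeners of ${APP}-alb"; }
  for L in $LISTENER_ARNS; do
    attempt "delete listener ${L}" \
      aws elbv2 delete-listener --listener-arn "$L" --region "$AWS_REGION"
  done
  attempt "delete ALB ${APP}-alb" \
    aws elbv2 delete-load-balancer --load-balancer-arn "$ALB_ARN" \
    --region "$AWS_REGION"
  log "Waiting for ALB to be deleted..."
  attempt "wait for ALB deletion" \
    aws elbv2 wait load-balancers-deleted --load-balancer-arns "$ALB_ARN" \
    --region "$AWS_REGION"
fi

log "Deleting target groups..."
for TG_NAME in "${APP}-frontend-tg" "${APP}-backend-tg"; do
  TG_ARN=$(aws elbv2 describe-target-groups --names "$TG_NAME" \
    --query "TargetGroups[0].TargetGroupArn" --output text --region "$AWS_REGION") \
    || { TG_ARN=""; warn_failed "look up target group ${TG_NAME}"; }
  if [ -n "$TG_ARN" ] && [ "$TG_ARN" != "None" ]; then
    attempt "delete target group ${TG_NAME}" \
      aws elbv2 delete-target-group --target-group-arn "$TG_ARN" \
      --region "$AWS_REGION"
  fi
done

# ── 6. Delete RDS instance ────────────────────────────────────────────────────
# --skip-final-snapshot means no final snapshot is taken before the instance is
# deleted; take a manual snapshot first if the data may be needed later.
log "Deleting RDS instance (skip final snapshot)..."
attempt "delete RDS instance ${APP}-db" \
  aws rds delete-db-instance \
  --db-instance-identifier "${APP}-db" \
  --skip-final-snapshot \
  --region "$AWS_REGION"
log "Waiting for RDS to be deleted (this takes ~5 min)..."
attempt "wait for RDS deletion" \
  aws rds wait db-instance-deleted \
  --db-instance-identifier "${APP}-db" --region "$AWS_REGION"

# ── 7. Delete ECR repositories ────────────────────────────────────────────────
# --force deletes the repository even when it still contains images.
log "Deleting ECR repositories..."
for REPO in "${APP}-backend" "${APP}-frontend"; do
  attempt "delete ECR repository ${REPO}" \
    aws ecr delete-repository --repository-name "$REPO" \
    --force --region "$AWS_REGION"
done

# ── 8. Delete security groups ─────────────────────────────────────────────────
# The default-VPC lookup is best-effort like every other step, so a failure
# here no longer aborts the script before the secret, log groups and IAM role
# are cleaned up.
# NOTE(review): if these groups reference each other in their rules, or network
# interfaces are still attached, deletion is refused with a dependency error;
# the warning makes that visible so the leftover group can be removed by hand.
log "Deleting security groups..."
VPC_ID=$(aws ec2 describe-vpcs --filters "Name=isDefault,Values=true" \
  --query "Vpcs[0].VpcId" --output text --region "$AWS_REGION") \
  || { VPC_ID=""; warn_failed "look up default VPC"; }
if [ -z "$VPC_ID" ] || [ "$VPC_ID" = "None" ]; then
  log "WARN: no default VPC resolved; security groups were not looked up" >&2
else
  for SG_NAME in "${APP}-ecs-sg" "${APP}-rds-sg" "${APP}-alb-sg"; do
    SG_ID=$(aws ec2 describe-security-groups \
      --filters "Name=group-name,Values=${SG_NAME}" "Name=vpc-id,Values=${VPC_ID}" \
      --query "SecurityGroups[0].GroupId" --output text --region "$AWS_REGION") \
      || { SG_ID=""; warn_failed "look up security group ${SG_NAME}"; }
    if [ -n "$SG_ID" ] && [ "$SG_ID" != "None" ]; then
      attempt "delete security group ${SG_NAME}" \
        aws ec2 delete-security-group --group-id "$SG_ID" \
        --region "$AWS_REGION"
    fi
  done
fi

# ── 9. Delete Secrets Manager secret ─────────────────────────────────────────
# --force-delete-without-recovery skips the recovery window, so the secret
# cannot be restored afterwards.
log "Deleting secret..."
attempt "delete secret ${APP}/db-password" \
  aws secretsmanager delete-secret \
  --secret-id "${APP}/db-password" \
  --force-delete-without-recovery \
  --region "$AWS_REGION"

# ── 10. Delete CloudWatch log groups ─────────────────────────────────────────
# Deleting the log groups also removes the application's log history; export
# anything needed for audit or incident review before running this.
log "Deleting CloudWatch log groups..."
for LOG_GROUP in "/ecs/${APP}/backend" "/ecs/${APP}/frontend"; do
  attempt "delete log group ${LOG_GROUP}" \
    aws logs delete-log-group --log-group-name "$LOG_GROUP" --region "$AWS_REGION"
done

# ── 11. Detach and delete IAM role ────────────────────────────────────────────
# Only the one managed policy named here is detached. If the role carries any
# other attached or inline policy, delete-role is refused and the role stays;
# the warning surfaces that instead of hiding it.
log "Cleaning up IAM role..."
attempt "detach execution policy from ${APP}-exec-role" \
  aws iam detach-role-policy \
  --role-name "${APP}-exec-role" \
  --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
attempt "delete IAM role ${APP}-exec-role" \
  aws iam delete-role --role-name "${APP}-exec-role"

# ── Summary ───────────────────────────────────────────────────────────────────
# Success is claimed only when no step reported an error. The exit status stays
# 0 either way, as before, so re-runs against an already-clean account (where
# "not found" errors are expected) do not break callers.
echo ""
echo "════════════════════════════════════════════════════════════"
if [ "$FAILURES" -eq 0 ]; then
  echo " ✅ All resources removed."
else
  echo " ⚠️  Teardown finished, but ${FAILURES} step(s) reported errors."
  echo " Review the WARN lines above: 'not found' is expected on a re-run;"
  echo " anything else means the resource is probably still there."
fi
echo " Note: ACM certificate was NOT deleted (manual step)."
echo " To delete: aws acm delete-certificate --certificate-arn <ARN>"
echo "════════════════════════════════════════════════════════════"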