-
Notifications
You must be signed in to change notification settings - Fork 16
/
run_terminate_eb_iam.py
executable file
·38 lines (28 loc) · 1.26 KB
/
run_terminate_eb_iam.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
from run_common import AWSCli
def terminate_iam_profile_for_ec2_instances(name):
aws_cli = AWSCli()
policy_name = f'aws-elasticbeanstalk-{name}-ec2-policy'
role_name = f'aws-elasticbeanstalk-{name}-ec2-role'
cmd = ['iam', 'delete-role-policy']
cmd += ['--role-name', role_name]
cmd += ['--policy-name', policy_name]
aws_cli.run(cmd, ignore_error=True)
cmd = ['iam', 'detach-role-policy']
cmd += ['--role-name', role_name]
cmd += ['--policy-arn', 'arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier']
aws_cli.run(cmd, ignore_error=True)
cmd = ['iam', 'detach-role-policy']
cmd += ['--role-name', role_name]
cmd += ['--policy-arn', 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore']
aws_cli.run(cmd, ignore_error=True)
profile_name = f'aws-elasticbeanstalk-{name}-instance-profile'
cmd = ['iam', 'remove-role-from-instance-profile']
cmd += ['--instance-profile-name', profile_name]
cmd += ['--role-name', role_name]
aws_cli.run(cmd, ignore_error=True)
cmd = ['iam', 'delete-role']
cmd += ['--role-name', role_name]
aws_cli.run(cmd, ignore_error=True)
cmd = ['iam', 'delete-instance-profile']
cmd += ['--instance-profile-name', profile_name]
aws_cli.run(cmd, ignore_error=True)