-
Notifications
You must be signed in to change notification settings - Fork 16
/
run_terminate_imagebuilder_iam.py
executable file
·47 lines (35 loc) · 1.57 KB
/
run_terminate_imagebuilder_iam.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/usr/bin/env python3
from run_common import AWSCli
from run_common import print_message
def terminate_iam_profile_for_imagebuilder(name):
print_message('delete imagebuilder iam')
aws_cli = AWSCli()
role_name = 'aws-imagebuilder-role'
policy_name = 'aws-imagebuilder-s3-put-ojbect-policy'
cmd = ['iam', 'delete-role-policy']
cmd += ['--role-name', role_name]
cmd += ['--policy-name', policy_name]
aws_cli.run(cmd, ignore_error=True)
cmd = ['iam', 'detach-role-policy']
cmd += ['--role-name', role_name]
cmd += ['--policy-arn', 'arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds']
aws_cli.run(cmd, ignore_error=True)
cmd = ['iam', 'detach-role-policy']
cmd += ['--role-name', role_name]
cmd += ['--policy-arn', 'arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder']
aws_cli.run(cmd, ignore_error=True)
cmd = ['iam', 'detach-role-policy']
cmd += ['--role-name', role_name]
cmd += ['--policy-arn', 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore']
aws_cli.run(cmd, ignore_error=True)
profile_name = f'aws-imagebuilder-{name}-instance-profile'
cmd = ['iam', 'remove-role-from-instance-profile']
cmd += ['--instance-profile-name', profile_name]
cmd += ['--role-name', role_name]
aws_cli.run(cmd, ignore_error=True)
cmd = ['iam', 'delete-instance-profile']
cmd += ['--instance-profile-name', profile_name]
aws_cli.run(cmd, ignore_error=True)
cmd = ['iam', 'delete-role']
cmd += ['--role-name', role_name]
aws_cli.run(cmd, ignore_error=True)