Comments (1)
Hello @shivalkarrahul thank you for filing this issue - I was able to see the same behavior for KMS Keys and S3 Buckets but not for SQS Queues strangely, do you mind confirming the SQS Queue is not deleted on environment stack deletes?
For KMS Keys and S3 Buckets - the removal policy strategy in CloudFormation is defaulted to RETAIN for these resources and thus the delete skips are seen such as in the above scenario. After thinking a bit through the current clean up behavior I do agree that we should update data.all to default to destroying these resources (S3 Bucket + KMS Key) if the data.all user enables the switch "Delete associated AWS CloudFormation stack" from the UI
Thank you for the suggestion - I will add this issue to the backlog and align with the team on prioritization of this issue / communicate any next steps here!
Below I discuss a bit more on implementation and how to go about clean up currently:
For implementation
S3 Bucket CDK Construct now provides an option auto_delete_objects that can be specified to ensure objects are deleted from a bucket before trying to delete the bucket itself. Also, there is the option to retain specific resources when calling a cfn_client.delete_stack(...) operation so we can still provide a user a retain option if needed to avoid risk of accidental data loss/deletion
Is this similar to what you had in mind? Curious if there is a different process for which you would want data.all to handle deletions?
For manual clean up now
Cleaning up S3 and SQS can be done via console manually as long as the user has the correct permissions, yes. For KMS Keys - it is a bit more complicated since we also have KMS Key Policies associated to each key and we restrict the key policies as much as possible to limit overly permissive users/roles.
The IAM Role that will be able to disable/delete the KMS Keys created by data.all stacks is one created by CDK of naming convention arn:aws:iam::ACCOUNT_ID:role/cdk-hnb659fds-cfn-exec-role-ACCOUNT_ID-REGION
The easiest way to delete KMS Keys would be to assume into this role and delete keys programmatically or via console once assumed into this role (NOTE: you may have to edit IAM trust relationships of this role to append your IAM entity to assume this role credentials)
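An added example, not part of the comment above and not data.all's own code: it reads a CloudFormation template and reports which resources a stack delete will skip because their DeletionPolicy retains them, then lists how each would be cleaned up manually per the comment. The sample template, logical IDs, function names, account ID and region are constructed for illustration.

```python
import json

# Constructed sample template; logical IDs are made up for this example.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "DatasetBucket":   {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain",
                      "UpdateReplacePolicy": "Retain"},
  "DatasetKey":      {"Type": "AWS::KMS::Key", "DeletionPolicy": "Retain"},
  "DatasetKeyAlias": {"Type": "AWS::KMS::Alias"},
  "EventQueue":      {"Type": "AWS::SQS::Queue", "DeletionPolicy": "Delete"}
}}
""")

# DeletionPolicy values that leave the physical resource behind on stack delete.
RETAINING = {"Retain", "RetainExceptOnCreate"}


def retained_on_delete(template):
    """Map logical ID -> resource type for resources a stack delete will skip."""
    return {
        logical_id: res["Type"]
        for logical_id, res in template.get("Resources", {}).items()
        # No DeletionPolicy attribute means these resource types are deleted.
        if res.get("DeletionPolicy", "Delete") in RETAINING
    }


def cfn_exec_role_arn(account_id, region):
    """Role ARN following the naming convention quoted in the comment above."""
    return f"arn:aws:iam::{account_id}:role/cdk-hnb659fds-cfn-exec-role-{account_id}-{region}"


def cleanup_plan(template, account_id, region):
    """List manual clean-up steps for whatever the stack delete leaves behind."""
    plan = []
    for logical_id, rtype in sorted(retained_on_delete(template).items()):
        if rtype == "AWS::KMS::Key":
            # Key policies are restrictive, so the CDK exec role is needed.
            how = "assume " + cfn_exec_role_arn(account_id, region)
        else:
            how = "console or API with sufficient permissions"
        plan.append((logical_id, rtype, how))
    return plan


if __name__ == "__main__":
    # 111122223333 / eu-west-1 are placeholder account and region values.
    for step in cleanup_plan(SAMPLE_TEMPLATE, "111122223333", "eu-west-1"):
        print(*step, sep=" | ")
```

Running this against the deployed template before deleting an environment shows which buckets and keys will remain in the account afterwards.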