Agile Cloud Institute

Cross-Functional Architecture And Tools For Cloud-Based Operating Models

Delete Credentials From Demos

Once you no longer need the IAM resources created for the demos, you can delete them with the two simple CLI commands given below.

One reason to delete the IAM resources is to regularly replace the credentials with new ones for security reasons.

Another reason to delete the IAM resources is if you are ready to tighten security by using lower-level permissions instead of the Super User permissions that the first-run-throughs of the demos require.

The following sections will show you how to delete both the Azure IAM resources and the AWS IAM resources.

Delete the Azure IAM resources

  1. Log in to portal.azure.com as the same Account Owner you used to create the resources, and navigate to the Azure Cloud Shell.
  2. Change the shell to “Bash”.
  3. Confirm that “acmDemoSetup.py” and “subscriptionScopeRole.json” are still installed by running “ls -al”.
  4. If “acmDemoSetup.py” and “subscriptionScopeRole.json” are not shown in the results of “ls -al”, then install them again by running the following two commands:

    wget "https://github.com/AgileCloudInstitute/acm-demos-github/blob/main/acmDemoSetup.py?raw=true" -O acmDemoSetup.py

    wget "https://github.com/AgileCloudInstitute/acm-demos-github/blob/main/subscriptionScopeRole.json?raw=true" -O subscriptionScopeRole.json

  5. Get the “clientId” value from the config.yaml you created for the demos, then run the following command after replacing “valid-client-id-created-fordemo” with the actual valid value of the clientId.

    python acmDemoSetup.py destroy azure clientId=valid-client-id-created-fordemo

  6. Confirm that the app registration with the name specified in the “clientName” in your config.yaml is no longer listed in your Azure Active Directory. If it is gone, the other Azure IAM resources that were created for the demo will have been cascade-deleted along with it.

The following screenshot illustrates what a Bash Cloud Shell should look like after successfully running the “python acmDemoSetup.py destroy azure clientId=valid-client-id-created-fordemo” command, including all of the printed message lines indicating success:

AzureFigure11

Delete AWS IAM Resources

  1. Log in to the AWS Console website as the same root user that you used to create the IAM resources for the demo.
  2. Navigate to the AWS Cloud Shell. Make sure you are in the same Region we specified for the demos, which is “us-west-2” Oregon.
  3. Confirm that “acmDemoSetup.py” is still installed by running “ls -al”.
  4. If “acmDemoSetup.py” is not shown in the results of “ls -al”, then install it again by running the following command:

    wget "https://github.com/AgileCloudInstitute/acm-demos-github/blob/main/acmDemoSetup.py?raw=true" -O acmDemoSetup.py

  5. Get the value of “AWSAccessKeyId” from the keys.yaml that you created for the demos, substitute it for “ValidAWSAccessKeyIdThatWasCreatedByCreateCommand” in the following command, and run the command:

    python3 acmDemoSetup.py destroy aws userName=ACMUser_xyz groupName=SuperUserACM_xyz keyPairName=ACMKeyPair_xyz AWSAccessKeyId=ValidAWSAccessKeyIdThatWasCreatedByCreateCommand

  6. Navigate to the IAM service in the AWS Console web GUI and confirm that there is no user group named “SuperUserACM_xyz” and that there is no user named “ACMUser_xyz”. These are the values we specified for the demo. If you altered the values, then the command in step 5 did not work, and you need to re-run the command from step 5 using the names you gave and make sure that there are no resources with those names. Once the IAM user and the IAM user group have been destroyed, any other IAM resources should have been cascade-deleted as a result of the process.

The following screenshot shows what the cloud shell should look like after the “python3 acmDemoSetup.py destroy aws userName=ACMUser_xyz groupName=SuperUserACM_xyz keyPairName=ACMKeyPair_xyz AWSAccessKeyId=ValidAWSAccessKeyIdThatWasCreatedByCreateCommand” command has been run, including all the success messages indicating that the command succeeded.

AWSFigure11
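
The confirmation in step 6 can also be done from the same AWS Cloud Shell instead of the console. The script below is an added example, not part of acmDemoSetup.py or the Agile Cloud Institute code; the function names “probe” and “check_demo_iam_cleanup” are hypothetical, and the default names are the demo values shown above.

```bash
#!/usr/bin/env bash
# Added example (not part of acmDemoSetup.py): verify that "destroy aws" removed
# the demo IAM user and group. Defaults are the demo names used on this page.

# probe KIND NAME  (KIND is "user" or "group") -> prints gone | present | unknown.
# Only a NoSuchEntity error counts as "gone"; any other failure (expired session,
# AccessDenied, throttling) is "unknown", so a failed call never passes as deleted.
probe() {
  local kind="$1" name="$2" err
  if err=$(aws iam "get-$kind" "--$kind-name" "$name" 2>&1 >/dev/null); then
    echo present
  elif printf '%s\n' "$err" | grep -q 'NoSuchEntity'; then
    echo gone
  else
    echo unknown
  fi
}

# Returns 0 if both are gone, 1 if either still exists, 2 if a check was inconclusive.
check_demo_iam_cleanup() {
  local user="${1:-ACMUser_xyz}" group="${2:-SuperUserACM_xyz}"
  local present=0 unknown=0 kind name state
  for kind in user group; do
    if [ "$kind" = user ]; then name="$user"; else name="$group"; fi
    state=$(probe "$kind" "$name")
    printf '%-6s %-22s %s\n' "$kind" "$name" "$state"
    if [ "$state" = present ]; then present=1; fi
    if [ "$state" = unknown ]; then unknown=1; fi
    # A surviving user may still hold live access keys: list their IDs and status.
    if [ "$kind" = user ] && [ "$state" = present ]; then
      aws iam list-access-keys --user-name "$name" \
        --query 'AccessKeyMetadata[].[AccessKeyId,Status]' --output text
    fi
  done
  if [ "$present" -eq 1 ]; then return 1; fi
  if [ "$unknown" -eq 1 ]; then return 2; fi
  return 0
}
```

After defining the functions in the Cloud Shell session, run “check_demo_iam_cleanup”, or pass your own user and group names as the first and second arguments if you changed the demo values.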

Re-Create New IAM Resources

When you are ready to run the demos again after destroying the IAM resources, you can create replacement IAM resources quickly in each cloud by following the Assemble keys.yaml and config.yaml instructions again.