Delete an environment on Citadel
To delete the environment from Citadel Run, follow the steps below.
- Open Citadel Run and navigate to the Environment page;
- Select the Environment you want to delete;
- Select Settings on the left menu;
- Select DELETE THIS ENVIRONMENT;
- Click REMOVE to confirm the deletion.
Delete an environment on AWS Console
- Baseline Setup
  - Membership to security services in the Audit AWS account
  - CloudTrail setup for audit trail logs
  - AWS Config for tracking resource changes and compliance status
- Network Setup
  - Virtual Private Cloud (VPC)
  - Subnets
    - 3 subnets per tier
    - Across 3 Availability Zones
    - 3 tiers: Public, Private and Secure
    - Total 9 subnets
  - Internet Gateway
  - Route Tables
  - NAT Gateway
    - 3 when High-Availability is enabled
    - 1 when High-Availability is disabled
  - Elastic IP per NAT Gateway created
  - Network Access Control Lists (NACLs)
  - DNS Hosted Zones (Route53) - configured later in the environment
  - SSL Certificates issued by AWS Certificate Manager (ACM) - configured later in the environment
Step 1 - Delete workload baseline
- Log in to your AWS Management Account using an Administrator role or through SSO;
- Select the Region US East (N. Virginia) - us-east-1;
- Go to the CloudFormation resource and select Stacks;
- In the filter by stack name, look for citadel-master-workload-baseline-<account-number>-<region>
  - <account-number>: AWS Account number of the Environment you want to delete.
  - <region>: AWS Region where the environment was deployed.
- Select the Stack;
- Select Delete to delete the stack.
You can find the AWS Account Number and AWS Region in Citadel Run.
Step 2 - Delete Citadel account access
- Go to the CloudFormation resource and select Stacks;
- In the filter by stack name, look for citadel-account-access-<account-number>
  - <account-number>: AWS Account number of the Environment you want to delete.
- Select the Stack;
- Select Delete to delete the stack.
You can find the AWS Account Number in Citadel Run.
Step 3 - Delete all stacks related to the environment
Make sure you delete every stack deployed for the environment you want to delete.
- Go to the CloudFormation resource and select Stacks;
- In the filter by stack name, look for <account-number>;
- Select the stack you found;
- Select Delete.
Step 4 - Delete AWS S3 Buckets
Although the stacks create the AWS S3 buckets when deployed, the buckets are not deleted automatically when a stack is deleted. Therefore, you need to delete those buckets manually.
- Log in to your AWS Account for Log Archive using an Administrator role or through SSO;
  - Find the Log Archive account number in Citadel Run:
    - Navigate to Citadel Run;
    - Select Management;
    - Find the Log-Archive Account Number.
- Select the Region of the environment being deleted, e.g. Asia Pacific (Sydney) - ap-southeast-2;
- Go to the AWS S3 resource and select Buckets;
- In the filter (find a bucket by name), enter the AWS Account Number of the environment you are deleting;
- Delete all buckets listed with the AWS Account number of the environment.
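A dry-run planner for Steps 1 to 4, added here as an example; it is not part of the Citadel documentation or tooling. It takes stack and bucket names you have already exported (for instance with `aws cloudformation list-stacks` and `aws s3api list-buckets`), lists what belongs to the environment in the order of the steps, and reports expected stacks that are absent. The sample names, the `plan_deletion` function and the whole-token match on the account number are assumptions of this example.

```python
import re

# Constructed sample inventory (hypothetical names, not real resources).
ACCOUNT, REGION = "111122223333", "ap-southeast-2"
STACKS = [
    "app-stack-111122223333",
    "citadel-account-access-111122223333",
    "citadel-account-access-444455556666",
    "citadel-master-workload-baseline-111122223333-ap-southeast-2",
    "citadel-master-workload-baseline-444455556666-ap-southeast-2",
]
BUCKETS = [
    "logs-111122223333-ap-southeast-2",
    "logs-444455556666-ap-southeast-2",
    "build-9111122223333",  # 13-digit run that merely contains the account number
]


def plan_deletion(account, region, stacks, log_archive_buckets):
    """Return (stacks in deletion order, buckets to delete, expected stacks not found)."""
    if not re.fullmatch(r"\d{12}", account):
        raise ValueError("AWS account numbers are exactly 12 digits")
    # Assumption of this example: match the account number as a whole token,
    # which is stricter than the console's substring filter.
    token = re.compile(rf"(?<!\d){account}(?!\d)")
    baseline = f"citadel-master-workload-baseline-{account}-{region}"  # Step 1
    access = f"citadel-account-access-{account}"                       # Step 2
    present = set(stacks)
    ordered = [s for s in (baseline, access) if s in present]
    missing = [s for s in (baseline, access) if s not in present]
    # Step 3: every remaining stack that carries the account number.
    ordered += sorted(s for s in present
                      if s not in (baseline, access) and token.search(s))
    # Step 4: Log Archive buckets that carry the account number.
    buckets = sorted(b for b in log_archive_buckets if token.search(b))
    return ordered, buckets, missing


if __name__ == "__main__":
    ordered, buckets, missing = plan_deletion(ACCOUNT, REGION, STACKS, BUCKETS)
    for n, name in enumerate(ordered, 1):
        print(f"delete stack {n}: {name}")
    for name in buckets:
        print(f"delete bucket: {name}")
    for name in missing:
        print(f"expected stack not found: {name}")
```

Review the printed plan against Citadel Run before deleting anything in the console; a name that appears under another account number should never be in it.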
Conclusion
If you followed the previous steps, your environment was successfully deleted, but your AWS Account still exists in AWS Organizations.
If you need to install a new environment using this AWS Account Number, go to the Environments instructions in this documentation.