Create an AWS EC2 instance with the AWS CLI - Step 3 - Cleanup

Make sure you do this setup first:

  1. Setup macOS for AWS Cloud DevOps
  2. AWS Authentication

Steps:

  1. Launch an AWS EC2 instance. Make sure you do this first.
  2. Attach an instance role to allow S3 access
  3. Cleanup (this post)

Scripts are bash

Setup

Names

Assign resource names:

# VPC
vpc="vpc-ec2"

# Subnets
subnet_1="subnet-ec2-1"
subnet_2="subnet-ec2-2"

# Internet Gateway
internet_gateway="igw-ec2"

# Route Table
route_table="rtb-ec2"

# Security Group
security_group="security-ec2"

# instance
instance="instance-ec2"

# SSH access key
key="aws-ec2-key"

# instance role
instance_role="${instance}-role"

# instance profile
instance_profile="${instance}-profile"

Clean up

Delete all resources in reverse order of creation.

Instance Profile

Disassociate the IAM role from the EC2 instance:

instance_id=$(aws ec2 describe-instances --filters Name=tag:Name,Values=$instance | jq -r '.Reservations[-1].Instances[-1].InstanceId')

iip_association=$(aws ec2 describe-iam-instance-profile-associations --filters "Name=instance-id,Values=$instance_id" | jq -r '.IamInstanceProfileAssociations[-1].AssociationId')

aws ec2 disassociate-iam-instance-profile --association-id $iip_association

Check status:

aws ec2 describe-iam-instance-profile-associations --filters "Name=instance-id,Values=$instance_id"

Delete the instance profile:

# remove the role from the instance profile
aws iam remove-role-from-instance-profile --instance-profile-name $instance_profile --role-name $instance_role

# delete the instance profile
aws iam delete-instance-profile --instance-profile-name $instance_profile

Delete the IAM role:

# detach the S3 policy from the role
aws iam detach-role-policy --role-name $instance_role --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess

# delete the IAM role
aws iam delete-role --role-name $instance_role

EC2 Instance

instance_id=$(aws ec2 describe-instances --filters Name=tag:Name,Values=$instance | jq -r '.Reservations[-1].Instances[-1].InstanceId')

aws ec2 terminate-instances --instance-ids $instance_id

Check the instance status. Wait until it is terminated before deleting the security group, which cannot be deleted while the instance still uses it:

aws ec2 describe-instances --instance-ids $instance_id | jq -r '.Reservations[-1].Instances[-1].State'

Security Group

group_id=$(aws ec2 describe-security-groups --filters Name=tag:Name,Values=$security_group | jq -r '.SecurityGroups[0].GroupId')

aws ec2 delete-security-group --group-id $group_id

Subnets

Delete:

# 1st subnet
subnet_id=$(aws ec2 describe-subnets --filters Name=tag:Name,Values=$subnet_1 | jq -r '.Subnets[0].SubnetId')

aws ec2 delete-subnet --subnet-id $subnet_id

# 2nd subnet
subnet_id=$(aws ec2 describe-subnets --filters Name=tag:Name,Values=$subnet_2 | jq -r '.Subnets[0].SubnetId')

aws ec2 delete-subnet --subnet-id $subnet_id

Route Table

Delete:

route_table_id=$(aws ec2 describe-route-tables --filters Name=tag:Name,Values=$route_table | jq -r '.RouteTables[0].RouteTableId')

aws ec2 delete-route-table --route-table-id $route_table_id

Internet Gateway

Detach:

vpc_id=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$vpc | jq -r '.Vpcs[0].VpcId')

internet_gateway_id=$(aws ec2 describe-internet-gateways --filters Name=tag:Name,Values=$internet_gateway | jq -r '.InternetGateways[0].InternetGatewayId')

aws ec2 detach-internet-gateway --internet-gateway-id $internet_gateway_id --vpc-id $vpc_id

Delete:

internet_gateway_id=$(aws ec2 describe-internet-gateways --filters Name=tag:Name,Values=$internet_gateway | jq -r '.InternetGateways[0].InternetGatewayId')

aws ec2 delete-internet-gateway --internet-gateway-id $internet_gateway_id

VPC

vpc_id=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$vpc | jq -r '.Vpcs[0].VpcId')

aws ec2 delete-vpc --vpc-id $vpc_id
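
The lookups above take `[0]` or `[-1]` from whatever matches the `Name` tag, and `jq -r` prints `null` when nothing matches. As an added example (not from the original post), the hypothetical helper `only_id` accepts a lookup result only when exactly one well-formed ID came back. The sample IDs are constructed, and the commented usage assumes the `--query` / `--output text` form of the describe call instead of `jq`.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. only_id is a hypothetical helper.
# Usage: only_id PREFIX "LOOKUP OUTPUT"
#   PREFIX         resource ID prefix: i, sg, subnet, rtb, igw, vpc
#   LOOKUP OUTPUT  whitespace-separated IDs, e.g. from --query ... --output text
# Prints the ID and returns 0 only when exactly one well-formed ID was found.
only_id() {
  local prefix="$1" count found
  count=$(( $(printf '%s' "$2" | wc -w) ))
  found=$(printf '%s' "$2" | tr -d '[:space:]')
  if [ "$count" -ne 1 ]; then
    echo "refusing: expected one ${prefix}-* ID, got $count" >&2
    return 1
  fi
  case "$found" in
    "$prefix"-*[!0-9a-f]*) ;;   # non-hex characters after the prefix: reject below
    "$prefix"-?*) printf '%s\n' "$found"; return 0 ;;
  esac
  echo "refusing: '$found' is not a ${prefix}-* ID" >&2   # catches null / None
  return 1
}

# Constructed lookup results (not real resource IDs).
for sample in "i-0123456789abcdef0" "" "null" "i-0aaa1111 i-0bbb2222"; do
  if id=$(only_id i "$sample" 2>/dev/null); then
    echo "accept: $id"
  else
    echo "reject: '$sample'"
  fi
done

# With the AWS CLI (assumes the names from the Setup section).
# The state filter skips already-terminated instances that share the tag.
# instance_id=$(only_id i "$(aws ec2 describe-instances \
#   --filters "Name=tag:Name,Values=$instance" \
#             "Name=instance-state-name,Values=pending,running,stopping,stopped" \
#   --query 'Reservations[].Instances[].InstanceId' --output text)") || exit 1
# aws ec2 terminate-instances --instance-ids "$instance_id"
```

The same guard fits the other lookups by changing the prefix, for example `only_id sg` for the security group or `only_id vpc` for the VPC.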