Uninstalling the blueprint
- Before uninstalling Hosty blueprint, you need to destroy the EKS clusters created by it (how to).
- Make sure that Hosty CLI is properly configured and tofu plan doesn't display any possible changes to the infrastructure.
Uninstalling Hosty entails deleting all the IAM users created by the Hosty. This includes all the IAM users with administrator access, one of which you are most likely currently using. In order for the operation to finish successfully, you need to create and use a temporary IAM user with admin access.
- Visit the IAM Users page on AWS Console and click Create user button.
- Set any username (i.e org.temp). Check Provide user access to the AWS Management Console checkbox and configure Console password section as nedded (autopassord or custom password, etc.). Click Next button.
- On the Set permissions page, set Permissions options to Attach policies directly. Select AdministratorAccess in Permission policies section. Click Next button then Create user button.
- Logout from current IAM user and sign in as the temporary user.
- Go to Security credentials page and in the Access Keys section click Create access key button. Select Other for Use case and Click Next button. Set Description tag value to anything (i.e. hosty) and click Create access key button.
- In the Hosty CLI execute rm /src/.aws/credentials to remove currently used credentails. Then execute aws configure --profile=hosty.user then copy and paste Access Key and Secret access key from the previous step.
IAM users created by Hosty, that were actively used will contain login profiles (AWS Console access), MFA and Access Keys. Those must be deleted prior to executing Terraform command to avoid failure.
Hosty stores the Terraform (Tofu) state in AWS S3 bucket and and uses AWS DynamoDB table to manage state locks. As we are planning to destroy these resources, we must move to the local state management.
- Open main.tf file and comment out terraform resource block.
- Execute tofu init -migrate-state and follow the instructions.
- Once successfully completed visit DynamoDB Tables page on AWS Console.
- Select the tf-remote-state-lock table, click Actions, then select Turn off deletion protection.
Terraform wouldn't delete the S3 buckets stored objects within those buckets. This is an intended behavior to prevent data loss. If you have successfully backed up objects in the S3 buckets and no longer need them, you can empty S3 buckets via AWS Console prior to uninstalling Hosty blueprint.
To uninstall the Hosty blueprint execute tofu destroy, this will perform planning and show you number of resources to be destroyed. Confirm by typing Yes and pressing Enter key.
After successfully uninstalling Hosty, you can log into AWS Console using the root user and remove the temporary IAM user.