From 65b6aded482c7767a0473c686a8dac7c8f078a3e Mon Sep 17 00:00:00 2001
From: Pranay deokar <140384952+pranaydeokar@users.noreply.github.com>
Date: Mon, 21 Oct 2024 17:00:11 +0530
Subject: [PATCH] Update delete_stack.yml
---
 .github/workflows/delete_stack.yml | 89 +++++++++++++++++++++++-------
 1 file changed, 69 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/delete_stack.yml b/.github/workflows/delete_stack.yml
index af4d132..4849283 100644
--- a/.github/workflows/delete_stack.yml
+++ b/.github/workflows/delete_stack.yml
@@ -1,28 +1,77 @@ -name: Call Delete StackSet Workflow +name: Delete Security Services on: workflow_dispatch: inputs: - stack-set-name: - description: 'Stack-set name to delete' - required: true - aws-region: - description: 'AWS region where the stack-set is deployed' - required: true - account-ids: - description: 'Comma-separated list of account IDs to delete the StackSet instances from' + services: + description: 'Specify the services to delete (access-analyser, guard-duty, inspector, macie, securityhub, detective, config). Use a comma to separate multiple services.' required: true +permissions: + id-token: write + contents: read + jobs: - call-delete-stackset: + validate-services: + runs-on: ubuntu-latest + outputs: + services: ${{ steps.set-services.outputs.services }} + steps: + - name: Set services from input + id: set-services + run: | + if [[ -z "${{ github.event.inputs.services }}" ]]; then + echo "No services specified. Skipping deletion." + echo "::set-output name=services::none" + else + echo "::set-output name=services::${{ github.event.inputs.services }}" + fi + + delete-stack-instances: + needs: validate-services + runs-on: ubuntu-latest + steps: + - name: Delete Stack Instances for Selected Services + run: | + services_to_delete="${{ github.event.inputs.services }}" + IFS=',' read -r -a service_list <<< "$services_to_delete" + for service in "${service_list[@]}"; do + # Delete StackSet instances for service + if [[ "$service" == "access-analyser" ]]; then + echo "Deleting Access Analyser stack instances..." + aws cloudformation delete-stack-instances \ + --stack-set-name "Access-analyser" \ + --regions us-east-1 \ + --accounts ${{ secrets.ACCOUNT_IDS }} \ + --no-retain + fi + if [[ "$service" == "guard-duty" ]]; then + echo "Deleting GuardDuty stack instances..." 
+ aws cloudformation delete-stack-instances \ + --stack-set-name "GuardDuty" \ + --regions us-east-1 \ + --accounts ${{ secrets.ACCOUNT_IDS }} \ + --no-retain + fi + # Add more stack instances deletion logic here + done + + delete-stacksets: + needs: delete-stack-instances runs-on: ubuntu-latest steps: - - name: Call Delete StackSet Workflow - uses: ./.github/workflows/stackset_workflow.yml - with: - stack-set-name: ${{ github.event.inputs.stack-set-name }} - aws-region: ${{ github.event.inputs.aws-region }} - account-ids: ${{ github.event.inputs.account-ids }} - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }} + - name: Delete StackSets for Selected Services + run: | + services_to_delete="${{ github.event.inputs.services }}" + IFS=',' read -r -a service_list <<< "$services_to_delete" + for service in "${service_list[@]}"; do + # Delete StackSets for service + if [[ "$service" == "access-analyser" ]]; then + echo "Deleting Access Analyser stackset..." + aws cloudformation delete-stack-set --stack-set-name "Access-analyser" + fi + if [[ "$service" == "guard-duty" ]]; then + echo "Deleting GuardDuty stackset..." + aws cloudformation delete-stack-set --stack-set-name "GuardDuty" + fi + # Add more stackset deletion logic here + done
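Review bot: The `workflow_dispatch` input is spliced into the shell with `${{ github.event.inputs.services }}` in all three `run:` blocks, so whatever is typed into the dispatch form is expanded into the script text before bash runs it; pass it through `env:` and read `"$SERVICES"` instead. The `validate-services` job also publishes its result with `::set-output`, which GitHub has deprecated in favour of `echo "services=..." >> "$GITHUB_OUTPUT"`, and that output is never consumed — `delete-stack-instances` re-reads the raw input and does not honour the `none` sentinel, so the "Skipping deletion" branch has no effect. The step below validates the input against the list named in the input description, writes the output the supported way, and gives the downstream jobs a `needs.validate-services.outputs.services` value to loop over instead of the raw input. Separately, `id-token: write` is granted but no step configures AWS credentials before the `aws cloudformation` calls (the old `env:` keys were removed), and `delete-stack-instances` is asynchronous, so `delete-stack-set` may run while instances still exist unless the operation is polled first; worth confirming both against how the runner actually obtains credentials.
```yaml
      - name: Set services from input
        id: set-services
        env:
          SERVICES: ${{ github.event.inputs.services }}
        run: |
          allowed=" access-analyser guard-duty inspector macie securityhub detective config "
          IFS=',' read -r -a service_list <<< "$SERVICES"
          for service in "${service_list[@]}"; do
            if [[ "$allowed" != *" $service "* ]]; then
              echo "Unknown service: $service" >&2
              exit 1
            fi
          done
          if [[ -z "$SERVICES" ]]; then
            echo "No services specified. Skipping deletion."
            echo "services=none" >> "$GITHUB_OUTPUT"
          else
            echo "services=$SERVICES" >> "$GITHUB_OUTPUT"
          fi
# … unchanged: delete-stack-instances and delete-stacksets jobs …
```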