From 419a8e91166822574725f9a76fe44fbb2a9f1756 Mon Sep 17 00:00:00 2001
From: Zhonghao Zhao <zzhlogin@amazon.com>
Date: Tue, 24 Dec 2024 11:25:36 -0800
Subject: [PATCH] Add lambda layer resource cleanup.

---
 .github/workflows/resource-cleanup.yml        | 36 ++++++++++++++++++-
 .../clean/lambda_layer_cleanup/cleaner.py     | 32 +++++++++++++++++
 .../lambda_layer_cleanup/requirements.txt     |  1 +
 3 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/util/clean/lambda_layer_cleanup/cleaner.py
 create mode 100644 .github/workflows/util/clean/lambda_layer_cleanup/requirements.txt

diff --git a/.github/workflows/resource-cleanup.yml b/.github/workflows/resource-cleanup.yml
index a6f022a3a..950826cf8 100644
--- a/.github/workflows/resource-cleanup.yml
+++ b/.github/workflows/resource-cleanup.yml
@@ -81,6 +81,40 @@ jobs:
           python -m pip install -r requirements.txt
           python cleaner.py
 
+    cleanup-lambda-layer:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Configure AWS credentials for IAD account access
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.E2E_IAD_TEST_ACCOUNT_ARN }}
+          aws-region: us-east-1
+
+      - name: Retrieve account id for the region
+        uses: aws-actions/aws-secretsmanager-get-secrets@v1
+        with:
+          secret-ids:
+            ACCOUNT_ID, region-account/${{ matrix.aws-region }}
+
+      - name: Configure AWS credentials for the regional account access
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/${{ secrets.RESOURCE_CLEANER_ROLE_NAME }}
+          aws-region: ${{ matrix.aws-region }}
+
+      - name: Cleanup Lambda Layer
+        working-directory: .github/workflows/util/clean/lambda_layer_cleanup
+        env:
+          AWS_DEFAULT_REGION: ${{ matrix.aws-region }}
+        run: |
+          python -m pip install -r requirements.txt
+          python cleaner.py
+
   publish-metric:
     needs: [ cleanup-ec2-instances, cleanup-k8s-cluster ]
     if: always()
@@ -89,4 +123,4 @@ jobs:
     with:
       aws-region: 'us-east-1'
       caller-workflow-name: 'enablement-test-resource-cleanup'
-      validation-result: ${{ (needs.cleanup-ec2-instances.result == 'success' && needs.cleanup-k8s-cluster.result == 'success') && 'success' || 'failure' }}
\ No newline at end of file
+      validation-result: ${{ (needs.cleanup-ec2-instances.result == 'success' && needs.cleanup-k8s-cluster.result == 'success' && needs.cleanup-lambda-layer.result == 'success') && 'success' || 'failure' }}
\ No newline at end of file
diff --git a/.github/workflows/util/clean/lambda_layer_cleanup/cleaner.py b/.github/workflows/util/clean/lambda_layer_cleanup/cleaner.py
new file mode 100644
index 000000000..6a69c170a
--- /dev/null
+++ b/.github/workflows/util/clean/lambda_layer_cleanup/cleaner.py
@@ -0,0 +1,32 @@
+import boto3
+from datetime import datetime, timezone, timedelta
+import time
+
+client = boto3.client('apigateway')
+
+def delete_old_api_gateways(hours_old=3):
+    now = datetime.now(timezone.utc)  # Ensure `now` is timezone-aware
+    cutoff_time = now - timedelta(hours=hours_old)
+
+    print(f"Cutoff time: {cutoff_time}")
+
+    apis = client.get_rest_apis()
+    for api in apis.get('items', []):
+        created_date = api.get('createdDate')  # This is usually UTC already
+        if created_date and isinstance(created_date, datetime):
+            # Ensure `created_date` is timezone-aware
+            created_date = created_date.astimezone(timezone.utc)
+
+            if created_date < cutoff_time:
+                api_id = api['id']
+                api_name = api.get('name', 'Unnamed API')
+                print(f"Deleting API: {api_name} (ID: {api_id}), created at {created_date}")
+
+                client.delete_rest_api(restApiId=api_id)
+                print("Deleted successfully. Sleeping for 32 seconds...")
+                time.sleep(32)
+        else:
+            print("Invalid or missing createdDate for API:", api)
+
+if __name__ == "__main__":
+    delete_old_api_gateways()
\ No newline at end of file
diff --git a/.github/workflows/util/clean/lambda_layer_cleanup/requirements.txt b/.github/workflows/util/clean/lambda_layer_cleanup/requirements.txt
new file mode 100644
index 000000000..1db657b6b
--- /dev/null
+++ b/.github/workflows/util/clean/lambda_layer_cleanup/requirements.txt
@@ -0,0 +1 @@
+boto3
\ No newline at end of file