This repository has been archived by the owner on Oct 15, 2024. It is now read-only.

Service catalog: principal associations from shared portfolios are not deleted #801

Closed
eserte opened this issue May 19, 2022 · 1 comment

Comments


eserte commented May 19, 2022

It seems that principal associations of shared (imported) portfolios in service catalog are not deleted. As aws-nuke usually removes all the IAM objects, just some kind of "anonymous" principal ARNs are left.

Currently we have a workaround doing something like this as a post-nuke step:

          # Collect accepted portfolio shares: once with no share type given, once for AWS_ORGANIZATIONS.
          for portfolioid in $(
              aws servicecatalog list-accepted-portfolio-shares                                          --query 'PortfolioDetails[].Id' --output text
              aws servicecatalog list-accepted-portfolio-shares --portfolio-share-type AWS_ORGANIZATIONS --query 'PortfolioDetails[].Id' --output text
          ); do
              echo "*** Remove for portfolio $portfolioid"
              # Select only principals that are a bare 21-character ID rather than a full ARN (the "anonymous" leftovers).
              for principalarn in $(
                  aws servicecatalog list-principals-for-portfolio --portfolio-id "$portfolioid" | jq -r '.Principals[].PrincipalARN | select(test("^[A-Z0-9]{21}$"))'
              ); do
                  echo "**** Remove principal $principalarn"
                  aws servicecatalog disassociate-principal-from-portfolio --portfolio-id "$portfolioid" --principal-arn "$principalarn"
              done
          done

Note that there are more portfolio share types than AWS_ORGANIZATIONS, but in our case we use only this one.

Contributor

ekristen commented Oct 1, 2024

Closing due to age. Please test the fork. If this is still a problem, open a request over there, but please provide more information.


Please see the copy of the notice from the README about the deprecation of this project. Sven was kind enough to grant me access to help triage and close issues and pull requests that have already been addressed in the actively maintained fork. Some additional information is located in the welcome issue for more information.

Caution

This repository for aws-nuke is no longer being actively maintained. We recommend users to switch to the actively maintained fork of this project at ekristen/aws-nuke.
We appreciate all the support and contributions we've received throughout the life of this project. We believe that the fork will continue to provide the functionality and support that you have come to expect from aws-nuke.
Please note that this deprecation means we will not be addressing issues, accepting pull requests, or making future releases from this repository.
Thank you for your understanding and support.

@ekristen ekristen closed this as completed Oct 1, 2024