airbnb / binaryalert

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
https://binaryalert.io
Apache License 2.0
1.41k stars, 187 forks

manage terraform destroy option #78

Closed robomotic closed 6 years ago

robomotic commented 6 years ago

Background

There is no option in manage.py to call terraform destroy. If performed manually via terraform directly it is not successful: it is unable to delete the S3, SNS and SQS resources.

Error applying plan:

5 error(s) occurred:

  • aws_s3_bucket.binaryalert_log_bucket (destroy): 1 error(s) occurred:

  • aws_s3_bucket.binaryalert_log_bucket: Error deleting S3 Bucket: BucketNotEmpty: The bucket you tried to delete is not empty. You must delete all versions in the bucket. status code: 409, request id: xxxxx, host id: yyyyyyyyyyy"logstotal.binaryalert-binaries.eu-west-2.access-logs"

  • aws_s3_bucket.binaryalert_binaries (destroy): 1 error(s) occurred:

  • aws_s3_bucket.binaryalert_binaries: Error deleting S3 Bucket: BucketNotEmpty: The bucket you tried to delete is not empty. You must delete all versions in the bucket. status code: 409, request id: 17B2137ACF4CE8E5, host id: yyyyyyyyyyyyyyy"logstotal.binaryalert-binaries.eu-west-2"

  • local.sns_publications: local.sns_publications: Resource 'aws_sns_topic.yara_match_alerts' does not have attribute 'name' for variable 'aws_sns_topic.yara_match_alerts.name'

  • local.sqs_age: local.sqs_age: Resource 'aws_sqs_queue.s3_object_queue' does not have attribute 'message_retention_seconds' for variable 'aws_sqs_queue.s3_object_queue.message_retention_seconds'

  • local.sqs: local.sqs: Resource 'aws_sqs_queue.s3_object_queue' does not have attribute 'name' for variable 'aws_sqs_queue.s3_object_queue.name'

Terraform does not automatically rollback in the face of errors. Instead, your Terraform state file has been partially updated with any resources that successfully completed. Please address the error above and apply again to incrementally change your infrastructure.

Desired Change

Introduce destroy option.

robomotic commented 6 years ago

Okay, there is no issue calling destroy from terraform if the variable force_destroy is set to true in the variable settings.

crobo1337 commented 6 years ago

You might want to read through the docs, they're pretty good. https://binaryalert.io/deploying.html#terraform-destroy

austinbyers commented 6 years ago

Thanks @robomotic for the suggestion and @crobo1337 for the docs reference! Yeah, you can use the force_destroy option, as you found.

I was initially hesitant to add the destroy command to the manage.py script for fear of someone accidentally destroying their infrastructure, but the current setup does seem like too much friction. You have to:

  1. Set force_destroy = true
  2. terraform apply
  3. terraform destroy

Since terraform itself provides a destroy option, I would be open to adding it if you think it would be useful.

Thoughts?

robomotic commented 6 years ago

Yes I think so with the caveat of user input, so it would work like this:

manage.py destroy

Warning: this will delete (S3|DynamoDB|RDS etc etc) do you want to continue (N)?

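A sketch of the guarded destroy command discussed in this thread, added here as an example and not BinaryAlert's own code: it defaults to "No", then runs the apply and destroy steps in order and stops if apply fails. The function name `destroy`, the `terraform_dir` default and passing `force_destroy` through `-var` are assumptions.

```python
import subprocess
from typing import Callable, List

# Prompt modelled on the wording proposed in the thread; resource list taken
# from the errors in the issue (S3 buckets, SNS topic, SQS queue).
PROMPT = ("Warning: this will delete the BinaryAlert S3 buckets (all object "
          "versions), SNS topic and SQS queue. Continue? (y/N) ")

# Assumption: force_destroy is a Terraform input variable, so it can be set
# with -var instead of editing the variable settings file by hand.
DESTROY_STEPS: List[List[str]] = [
    ["terraform", "apply", "-var", "force_destroy=true"],    # steps 1 and 2
    ["terraform", "destroy", "-var", "force_destroy=true"],  # step 3
]


def destroy(ask: Callable[[str], str] = input,
            run: Callable[..., object] = subprocess.check_call,
            terraform_dir: str = "terraform") -> bool:
    """Run the teardown only after explicit confirmation.

    Returns True if the Terraform steps ran, False if the user declined.
    Empty input, anything other than y/yes, or a closed stdin (e.g. a
    non-interactive CI job) all count as "No".
    """
    try:
        answer = ask(PROMPT)
    except EOFError:
        answer = ""
    if answer.strip().lower() not in ("y", "yes"):
        return False
    for cmd in DESTROY_STEPS:
        # check_call raises CalledProcessError on a non-zero exit, so destroy
        # is never attempted when the force_destroy apply did not succeed.
        run(cmd, cwd=terraform_dir)
    return True


if __name__ == "__main__":
    # Dry run: print the commands instead of executing Terraform.
    def show(cmd: List[str], cwd: str) -> None:
        print("would run:", " ".join(cmd), "(in", cwd + ")")

    if not destroy(run=show):
        print("Aborted; nothing was destroyed.")
```
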