fix(destroy functionality): Fix the issue where destroys fail due to ENIs and SG stuff #48

Merged
merged 23 commits into from
Jun 29, 2023
51 changes: 51 additions & 0 deletions .github/workflows/security-group-cleanup.yml
@@ -0,0 +1,51 @@
name: Security Group Cleanup

on:
schedule:
- cron: "0 2 * * *"
workflow_dispatch:

jobs:
security-group-cleanup:
name: Security Group Cleanup
runs-on: ubuntu-20.04

permissions:
id-token: write
contents: read

steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ./.github/actions/setup # We need this largely for the PROJECT variable setting
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
role-duration-seconds: 10800

- name: Clean Up Unassigned Security Groups
id: runningStages
run: |
# Step 1, get a list of all security groups attached to ENIs
inusesgs=(`aws ec2 describe-network-interfaces \
--query "NetworkInterfaces[].Groups[].GroupId" \
--output text`)

# Step 2, get a list of all security groups owned by our project.
allsgs=(`aws ec2 describe-security-groups \
--filters Name=tag:PROJECT,Values="$PROJECT" \
--query "SecurityGroups[].GroupId" \
--output text`)

# Step 3, delete any security group owned by our project that's not attached to an ENI
for i in "${allsgs[@]}"
do
if [[ " ${inusesgs[*]} " =~ " ${i} " ]]; then
echo "Keping $i as it is in use"
else
echo "Deleting $i as it is not in use..."
aws ec2 delete-security-group --group-id $i
fi
done
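Review bot: the delete loop in step 3 has no error handling, so under the `bash -e` shell that GitHub Actions uses for `run:` steps the first `aws ec2 delete-security-group` that fails (for example a DependencyViolation from a group still referenced by another group's rules, or by a Lambda ENI that AWS has not released yet) aborts the whole step and leaves the remaining groups untouched; append `|| echo "Failed to delete $i, will retry on the next run"` to the delete so every group is processed, and quote `"$i"`. A second concern is the race with in-progress deployments: a group created by a stack whose Lambda ENIs are not attached yet is absent from the `describe-network-interfaces` output, so if the 02:00 run coincides with a deploy the group is deleted out from under the stack; consider skipping groups whose owning stack still exists (CloudFormation tags them with `aws:cloudformation:stack-name`). Also `echo "Keping $i as it is in use"` should read "Keeping".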
1 change: 1 addition & 0 deletions src/services/seatool/serverless.yml
Expand Up @@ -159,6 +159,7 @@ resources:
- aws.ksqldb.seatool.agg.State_Plan
SecurityGroup:
Type: AWS::EC2::SecurityGroup
DeletionPolicy: Retain # VPC based lambda's are problematic when deleting the SG due to ENI attachmnent out of our control.
Properties:
GroupDescription: Security group for Sink Lambda Function.
VpcId: ${self:custom.vpc.id}
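Review bot: the inline comment on the `DeletionPolicy: Retain` line has two typos, `lambda's` should be `Lambdas` and `attachmnent` should be `attachment`, and it is worth fixing because this comment is the only in-repo explanation of why the group is retained. It should also state that `Retain` deliberately orphans the group on stack deletion and that the scheduled Security Group Cleanup workflow added in this PR is what eventually removes it; without that, a future reader will see the policy as a leak of tagged groups with no reaper.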