diff --git a/examples/dice-mojo-new/load-balancer.tf b/examples/dice-mojo-new/load-balancer.tf
index c54c68b..fd03a90 100644
--- a/examples/dice-mojo-new/load-balancer.tf
+++ b/examples/dice-mojo-new/load-balancer.tf
@@ -37,7 +37,7 @@ resource "aws_lb" "app" {
 load_balancer_type = "application"
 security_groups = [local.sg_web_id]
 subnets = local.lb_subnet_ids
- enable_deletion_protection = true
+ enable_deletion_protection = var.enable_deletion_protection
 idle_timeout = 300
 
 access_logs {
diff --git a/examples/dice-mojo-new/tf-run.destroy.data b/examples/dice-mojo-new/tf-run.destroy.data
new file mode 100644
index 0000000..a97e223
--- /dev/null
+++ b/examples/dice-mojo-new/tf-run.destroy.data
@@ -0,0 +1,20 @@
+VERSION 1.1.2
+COMMAND tf-init
+COMMAND tf-state list
+aws_lb_listener.app_443 aws_lb_listener.app_80_redirect
+aws_lb_target_group.app
+POLICY
+COMMENT To remove the LB, we have to disable the delete protection.
+COMMAND tf-apply -target=aws_lb.app -var enable_deletion_protection=false
+ALL
+
+COMMENT Contact TCO to revoke the certificate issued to this LB.
+COMMENT We need to remove the TLS key from git-secret, remove the links, and move this directory
+COMMENT to the ../ATTIC/ directory. Here are the commands. Fill in your own message, and DIRECTORY
+COMMENT is the this directory. Once done, do a commit, push, and PR for the complete removal.
+COMMENT git-secret remove certs/*.key
+COMMENT rm $(find -maxdepth 1 -type l -print)
+COMMENT test -d ../ATTIC || mkdir ../ATTIC
+COMMENT rm -rf .terraform
+COMMENT cd ..
+COMMENT git mv DIRECTORY ATTIC/
diff --git a/examples/dice-mojo-new/variables.tf b/examples/dice-mojo-new/variables.tf
new file mode 100644
index 0000000..44d2f6c
--- /dev/null
+++ b/examples/dice-mojo-new/variables.tf
@@ -0,0 +1,5 @@
+variable "enable_deletion_protection" {
+ description = "Eanble or disable delete protection on LB. If enabled, it must be disabled before destroying"
+ type = bool
+ default = true
+}
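Review bot: In `load-balancer.tf`, the `enable_deletion_protection` argument on `aws_lb.app` now reads an input variable, but nothing at the point of use says when `false` is acceptable. A leftover `-var`, a tfvars entry or a `TF_VAR_enable_deletion_protection` environment variable on a routine apply would switch the guard off as an ordinary in-place change. I would add a comment above the line: `# Deletion guard: set to false only by the tf-run.destroy.data procedure, immediately before destroy.` The resource body continues outside the hunk.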
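Review bot: In `tf-run.destroy.data`, the step `tf-apply -target=aws_lb.app -var enable_deletion_protection=false` leaves the load balancer unprotected from then on, and the file gives no instruction for a run that stops or is abandoned before `ALL`. I would add a line after that COMMAND: `COMMENT If the destroy is not completed, re-apply aws_lb.app without the -var override to restore delete protection.` The certificate revocation is also only a COMMENT placed after the destroy, while the encrypted key presumably stays in git history after `git-secret remove`. It would help to state that revocation must be confirmed before the directory is moved to `../ATTIC/`.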
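Review bot: In `variables.tf`, the new variable accepts an explicit `null`, which overrides `default = true` and reaches `aws_lb.app` as an unset argument. The provider's own default would then apply, which as far as I know is deletion protection off. Adding `nullable = false` to the block closes this, assuming the Terraform version in use is 1.1 or later. The description also has a typo and could say when the value may change: `description = "Enable or disable deletion protection on the LB. Set to false only when destroying the LB."`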