Getting started
Prerequisites
Creating an Organization
Creating Audit and Log Archive AWS AccountsManagement
Creating an AWS Account
Initial Setup
Billing Alerts
Configuring AWS SSO (IAM Identity Center)
Generating As-Built Documentation
Alliance ModeEnvironments
Environments
Configuring AWS Client VPN
Configuring Private Bastion
Deleting an Environment
Domains
Service RolesCompliance
Compliance standards
Compliance status
Configuring a standardReference
Choosing Email Addresses for your AWS Accounts
Checklist end-of-deployment
Configuring SSO for Microsoft Azure
Configuring SSO for G-Suite
Deploying Applications
Notification History
Removing NX1 Access from AWS Accounts
Reduce permission access for NX1
What’s deployed in my accountTroubleshooting
Troubleshooting
Common Issues
Finding the Root Cause of a Failed Job
Creating new environment failed
Fixing Network Access is not connecting to RDS
SSO G-Suite - Deploy Lambda ErrorDelete an environment on NX1
Deleting an environment on Citadel does not change any resource on the AWS Console created or changed.
To delete the environment from NX1, follow the steps below.
- Open https://app.nx1.io and navigate to the Environment page;
- Select the Environment you want to delete;
- Select Settings on the left menu;
- Select DELETE THIS ENVIRONMENT
- Click REMOVE to confirm the deletion.
Delete an environment on AWS Console
Deleting the environment on the AWS Console Account will remove all resources deployed by NX1. Make sure you want to remove the resources listed below before proceeding with the following steps.
- Baseline Setup
- Membership to security services in the Audit AWS account
- Cloudtrail setup for audit trail logs
- AWS Config for tracking resource changes and compliance status
- Network Setup
- Virtual Private Cloud (VPC)
- Subnets
- 3 subnets per tier
- Across 3 Availability Zones
- 3 tiers: Public, Private and Secure
- Total 9 subnets
- Internet Gateway
- Route Tables
- NAT Gateway
- 3 when High-Availability is enabled
- 1 when High-Availability is disabled
- Elastic IP per NAT Gateway created
- Network Access Control Lists (NACLs)
- DNS Hosted Zones (Route53) - configured later in the environment
- SSL Certificates issued by AWS Certificate Manager (ACM) - configured later in the environment
Step 1 - Delete workload baseline
- Log in to your AWS Management Account using an Administrator role or through SSO;
- Select the Region US East (N. Virginia) - us-east-1;
- Go to CloudFormation resource and select Stacks
- In the filter by stack name, look for
citadel-master-workload-baseline-<account-number>-<region> - <account-number>: AWS Account number of the Environment you want to delete.
- <region>: AWS Region where the environment was deployed.
- Select the Stack
- Select Delete to delete the stack
You can find the AWS Account Number and AWS Region on the NX1.
Step 2 - delete NX1 account access
- Go to CloudFormation resource and select Stacks
- In the filter by stack name, look for
citadel-account-access-<account-number> - <account-number>: AWS Account number of the Environment you want to delete.
- Select the Stack
- Select Delete to delete the stack
You can find the AWS Account Number in NX1.
Step 3 - Delete all stacks related to the environment
Make sure any stack deployed for the environment you want to delete.
- Go to CloudFormation resource and select Stacks
- In the filter by stack name, look for
<account-number> - Select the stack you found
- Select Delete.
Step 4 - Delete AWS S3 Buckets
Although the Stacks create the AWS S3 Buckets when deployed, when a stack is deleted, the buckets cannot be deleted automatically. Therefore, you need to delete those buckets manually.
If you want to keep the logs for this Environment, skip this step.
- Log in to your AWS Account for Log Archive using an Administrator role or through SSO;
- To find the Log Archive AWS Account ID in NX1:
- Open NX1;
- Select Management;
- Find the Log Archive Account Number under the account list.
- Select the Region the environment being deleted Region. E.g.
Asia Pacific (Sydney) - ap-southeast-2; - Go to AWS S3 resource and select Buckets;
- In the Filter, find a bucket by name, write the AWS Account Number of the environment you are deleting;
- Delete all buckets listed with the AWS Account number of the environment.
Conclusion
If you followed the previous steps, your environment was successfully deleted, but your AWS Account still exists in the AWS Organizations.
If you need to install a new environment using this AWS Account Number, go to the Environments instructions in this documentation.
People also checked: