This repository has been archived by the owner on Oct 15, 2024. It is now read-only.

[DirectoryService] AWS Managed Microsoft AD fails to nuke if AD is shared with other accounts #1196

Closed
alpaca012 opened this issue Feb 28, 2024 · 3 comments


@alpaca012

As per title, DirectoryServiceDirectory (AWS Managed Microsoft AD) fails to delete without any explanation why.

Upon investigation, it was because it is shared with other AWS accounts. Using unshare-directory in the AWS CLI, aws ds unshare-directory --directory-id d-xxxxxxxx --unshare-target Id=<account_id>,Type=ACCOUNT, the account(s) are successfully unlinked.

After that, running aws-nuke deletes the AD successfully.

@ekristen
Contributor

ekristen commented Mar 2, 2024

Do you know if there's any way to programmatically know what accounts the directory is shared with, or is this information you have to know some other way?

@alpaca012
Author

> Do you know if there's any way to programmatically know what accounts the directory is shared with, or is this information you have to know some other way?

We can use ds describe-shared-directories. Here is the link to the CLI reference

$ aws ds describe-shared-directories --owner-directory-id d-xxxxxxxxxx
{
    "SharedDirectories": [
        {
            "OwnerAccountId": "REDACTED",
            "OwnerDirectoryId": "d-xxxxxxxxxx",
            "ShareMethod": "HANDSHAKE",
            "SharedAccountId": "REDACTED",
            "SharedDirectoryId": "d-yyyyyyyyyy",
            "ShareStatus": "REDACTED",
            "ShareNotes": "REDACTED",
            "CreatedDateTime": "REDACTED",
            "LastUpdatedDateTime": "REDACTED"
        }
    ]
}

We can get the shared account IDs from the SharedAccountId key.
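
The two steps described in this thread (list the shares with describe-shared-directories, then run unshare-directory for each account), as an added example that is not part of the original comments or of aws-nuke's code. The function names, the sample JSON and the choice to skip shares in `Deleted`/`Deleting` status are assumptions made for illustration.

```python
import json
import re
import subprocess

# Assumption: shares already removed or being removed need no unshare call.
SKIP_STATUSES = {"Deleted", "Deleting"}

# Constructed sample, trimmed to the keys used here, in the shape of the
# `aws ds describe-shared-directories` output quoted in the thread.
SAMPLE = """{"SharedDirectories": [
  {"SharedAccountId": "111111111111", "ShareStatus": "Shared"},
  {"SharedAccountId": "222222222222", "ShareStatus": "PendingAcceptance"},
  {"SharedAccountId": "333333333333", "ShareStatus": "Deleted"}
]}"""


def shared_accounts(describe_output):
    """Return the account IDs that still hold a share of the directory."""
    accounts = []
    for share in json.loads(describe_output).get("SharedDirectories", []):
        if share.get("ShareStatus") in SKIP_STATUSES:
            continue
        account = str(share.get("SharedAccountId", ""))
        # Validate before the value is placed into a command line.
        if not re.fullmatch(r"[0-9]{12}", account):
            raise ValueError(f"unexpected SharedAccountId: {account!r}")
        if account not in accounts:
            accounts.append(account)
    return accounts


def unshare_commands(describe_output, directory_id):
    """Build one `aws ds unshare-directory` argv per remaining share."""
    return [["aws", "ds", "unshare-directory", "--directory-id", directory_id,
             "--unshare-target", f"Id={account},Type=ACCOUNT"]
            for account in shared_accounts(describe_output)]


def run(describe_output, directory_id, dry_run=True):
    """Print each command; execute it only when dry_run is False."""
    for argv in unshare_commands(describe_output, directory_id):
        print(" ".join(argv))
        if not dry_run:
            subprocess.run(argv, check=True)


if __name__ == "__main__":
    run(SAMPLE, "d-xxxxxxxxxx")
```

By default the script only prints the commands it would run; passing `dry_run=False` executes them with the credentials of the directory owner account.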

@ekristen
Contributor

ekristen commented Oct 1, 2024

tracked via ekristen/aws-nuke#349


Please see the copy of the notice from the README about the deprecation of this project. Sven was kind enough to grant me access to help triage and close issues and pull requests that have already been addressed in the actively maintained fork. Some additional information is located in the welcome issue for more information.

Caution

This repository for aws-nuke is no longer being actively maintained. We recommend users to switch to the actively maintained fork of this project at ekristen/aws-nuke.
We appreciate all the support and contributions we've received throughout the life of this project. We believe that the fork will continue to provide the functionality and support that you have come to expect from aws-nuke.
Please note that this deprecation means we will not be addressing issues, accepting pull requests, or making future releases from this repository.
Thank you for your understanding and support.

@ekristen ekristen closed this as completed Oct 1, 2024