PingIntelligence

Uninstalling the CloudFront sideband policy

Remove the PingIntelligence Amazon Web Services (AWS) policy with the undeploy tool, which detaches the policy from CloudFront.

About this task

To undeploy the policy:

Steps

  1. Run the following command:

    /opt/pingidentity/pi/aws/bin$ undeploy.sh

    Result:

    Undeploying PI AWS Policy
    
    1) Fetching PI-ASE-Request Lambda version... done
    2) Fetching PI-ASE-Response Lamda version... done
    3) Undeploy PI-ASE-Request Lamda CloudFront... done
    4) Undeploy PI-ASE-Response Lamda CloudFront... done
    5) Undeploy PI-ASE-Request Lamda... done
    6) Undeploy PI-ASE-Response Lamda... done
    7) Detaching IAM Role named PI-Role from policy LambdaEdgeExecution-PI - status... done
    8) Deleting  IAM Role named PI-Role - status... done
    9) Deleting policy named LambdaEdgeExecution-PI - status... done
    
    Successfully undeployed PI AWS Policy.

    Troubleshooting:

    The time required to detach the policy from CloudFront varies depending on the CloudFront region where the policy is deployed. It is common to encounter intermediate error messages like the following during the course of uninstallation:

    Lambda was unable to delete lambda:us-east-1:377367197819:function:PI-ASE-Request-E2PLLTN1FCYDB3:5 because it is a replicated function.
    Please see our documentation for Deleting Lambda@Edge Functions and Replicas.

    If such error occurs then re-execute the undeploy.sh after a gap of 30 minutes.

  2. To search and verify the deletion of PingIntelligence Lambda functions, use the cloud_front_id from the aws.properties file