Remove the PingIntelligence AWS policy with the undeploy tool, which detaches the policy
from CloudFront. To undeploy the policy, run the following command:
/opt/pingidentity/pi/aws/bin$ undeploy.sh
Undeploying PI AWS Policy
1) Fetching PI-ASE-Request Lambda version... done
2) Fetching PI-ASE-Response Lamda version... done
3) Undeploy PI-ASE-Request Lamda CloudFront... done
4) Undeploy PI-ASE-Response Lamda CloudFront... done
5) Undeploy PI-ASE-Request Lamda... done
6) Undeploy PI-ASE-Response Lamda... done
7) Detaching IAM Role named PI-Role from policy LambdaEdgeExecution-PI - status... done
8) Deleting IAM Role named PI-Role - status... done
9) Deleting policy named LambdaEdgeExecution-PI - status... done
Successfully undeployed PI AWS Policy.
Note: The time required to detach the policy from CloudFront varies
depending on the CloudFront region where the policy is deployed. It is common to
encounter intermediate error messages like the following during the course of
uninstallation.
Lambda was unable to delete lambda:us-east-1:377367197819:function:PI-ASE-Request-E2PLLTN1FCYDB3:5 because it is a replicated function.
Please see our documentation for Deleting Lambda@Edge Functions and Replicas.
If
such error occurs then re-execute the undeploy.sh after a gap
of 30 minutes. You can use the cloud_front_id
from the aws.properties file to search and verify the deletion of
PingIntelligence Lambda functions.