Tanzu Platform SaaS

PDF
self.managed.10.1 10.0 saas

Clean up the application environment resources

Last Updated February 19, 2025

This topic tells you how to remove all the resources that were created during the setup of the infrastructure and the application environment. The clean-up includes the following resources:

  • Space
  • Cluster
  • AWS VPC

  • AWS account in Tanzu Platform

    The process also deletes the monitoring resources that were created.

Delete a Space

Deleting a Space will delete all the application resources within the Space, including any applications and dependent resources such as Route53 records.

You can delete a Space using either the Tanzu Platform UI or the Tanzu CLI.

UI-based steps
  1. Go to Application Platform > Application Engine > Spaces.
  2. Click the three dots next to the Space you wish to delete.
  3. Select Delete Space.
  4. Enter the name of the Space to confirm the delete.
  5. Click Delete.
Tanzu CLI-based steps
Use the following Tanzu CLI command to delete the Space from the project. 
tanzu space delete <space name>

Delete an application

Deleting an application deletes the application itself and all of the related resources that were created during the build. The related resources vary according to the type of runtime, for example:

  • For a kubernetes-carvel-package runtime, the related resources are Package, PackageInstall, and the Secret for configuring the PackageInstall.
  • For a kubernetes-fluxcd-helm-chart runtime, the related resources are HelmRepository, HelmRelease, and Secret.

You can delete an application by using either the Tanzu Platform UI or the Tanzu CLI.

UI-based steps
  1. Go to Spaces > Overview.
  2. Select the Space in which the application is deployed and open the Space details.
  3. Select to the Applications Tab.
  4. Click Delete in the top right corner.
  5. Enter the name of the application to confirm the deletion.
Tanzu CLI-based steps
Use the following Tanzu CLI command to delete the application from the Space. 
tanzu app delete <app name>

Delete the AWS VPC created for clusters

As part of the onboarding, if you created an AWS VPC and it’s no longer deleted, you can delete the VPC from your AWS account using the following steps:

  1. Open the AWS CloudFormation console.
  2. Select the radio button next to the VPC you created.
  3. Click Delete and confirm the deletion.

Remove AWS Account from Tanzu Platform

When the AWS Account was on-boarded to Tanzu Platform, resources were created within the AWS account in each region for event monitoring. Removing the account from the Tanzu Platform will cleanup these resources.

  1. In the Tanzu Platform UI, go to Administration > Infrastructure accounts > Public Cloud accounts.
  2. Expand the account that you added in Add AWS account to Tanzu Platform and click Delete

  3. Follow the instructions in the UI to Detach the cluster from the collection.

    Since the cluster has already been deleted, you can skip the steps for deleting the aria-k8s namespace in Step 1 of the instructions in the UI.

  4. Follow the instructions in the UI to deactivate event monitoring. This will remove the CloudFormation templates in region that were created for event monitoring.

    This step requires the AWS CLI to be able to authenticate to your AWS account.

  5. After the event monitoring cleanup script is completed, click Delete Account to remove the AWS account from the Tanzu Platform.

Remove TanzuSecurityAudit role from AWS IAM

In the Add AWS Account step, you created a TanzuSecurityAudit role in your AWS account that gave AssumeRole permissions for Tanzu Platform. To remove this permission, do the following:

  1. Within the AWS Console, go to the IAM dashboard
  2. Click Roles and search for TanzuSecurityAudit
  3. Check the box next to the TanzuSecurityAudit role and click Delete
  4. Confirm deletion by typing the name of the role in the input field and click Delete

Remove GSLB Credential Stack from AWS

In the Create Route 53 GSLB credentials step, you created a CloudFormation stack which in turn created an IAM role and policy to support the GSLB function. To remove this permission, do the following:

  1. Delete the credential resource from the Tanzu Platform.

    1. In the Tanzu Platform UI, go to Administration > Infrastructure accounts > Public Cloud services.
    2. Select the credential you created for GSLB.
    3. Click Delete.

  2. On the AWS Console,

    1. Go to the CloudFormation Dashboard.

    2. Find the CF Stack that was created for GSLB.

      It starts with gslb-hub-cloud-vmware-com-, and has a stack parameter of CredentialName with a value equal to the name of your credential in the Tanzu Platform.

    3. Select this stack.

    4. On the stack details page, click Delete to delete the stack.

      This removes the IAM role and associated IAM policies.