working on delete operation for cw dashboard; untested

cyphronix · cyphronix · commit a3643b399518 · 2024-10-26T19:22:28.000-06:00
diff --git a/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py b/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py
@@ -598,34 +598,6 @@ def create_event(event, context):
                         DRY_RUN_DATA[f"{filter}_CloudWatch"] = "DRY_RUN: Filter deploy parameter is 'false'; Skip CloudWatch metric filter deployment"
 
     # 5) Central CloudWatch Observability
-    # TODO(liamschn): determine if we need the CloudWatch-CrossAccountListAccountsRole (needed for "Enable account selector"?).
-    # TRUST
-    #     {
-    #     "Version": "2012-10-17",
-    #     "Statement": [
-    #         {
-    #             "Effect": "Allow",
-    #             "Principal": {
-    #                 "AWS": "arn:aws:iam::533267199951:root"
-    #             },
-    #             "Action": "sts:AssumeRole"
-    #         }
-    #     ]
-    # }
-    # PERMISSIONS
-    # {
-    #     "Version": "2012-10-17",
-    #     "Statement": [
-    #         {
-    #             "Action": [
-    #                 "organizations:ListAccounts",
-    #                 "organizations:ListAccountsForParent"
-    #             ],
-    #             "Resource": "*",
-    #             "Effect": "Allow"
-    #         }
-    #     ]
-    # }
     central_observability_params = json.loads(event["ResourceProperties"]["SRA-BEDROCK-CENTRAL-OBSERVABILITY"])
     # TODO(liamschn): create a parameter to choose to deploy central observability or not: deploy_central_observability = true/false
     # 5a) OAM Sink in security account
@@ -768,6 +740,7 @@ def create_event(event, context):
             DRY_RUN_DATA["CloudWatchDashboardCreate"] = "DRY_RUN: Create CloudWatch observability dashboard"
     else:
         LOGGER.info(f"Cloudwatch dashboard already exists: {search_dashboard[1]}")
+        # TODO(liamschn): check content of dashboard to ensure it is the latest content and update as needed
         # check_dashboard = cloudwatch.compare_dashboard(search_dashboard[1], cloudwatch_dashboard)
         # if check_dashboard is False:
         #     if DRY_RUN is False:
@@ -841,6 +814,23 @@ def delete_event(event, context):
         LOGGER.info(f"{SOLUTION_NAME}-configuration SNS topic does not exist.")
 
     # 2) Delete Central CloudWatch Observability
+    # 2a) Delete cloudwatch dashboard
+    cloudwatch.CLOUDWATCH_CLIENT = sts.assume_role(SECURITY_ACCOUNT, sts.CONFIGURATION_ROLE, "cloudwatch", sts.HOME_REGION)
+    search_dashboard = cloudwatch.find_dashboard(SOLUTION_NAME)
+    if search_dashboard[0] is False:
+        LOGGER.info("CloudWatch observability dashboard not found")
+    else:
+        if DRY_RUN is False:
+            LOGGER.info("Deleting CloudWatch observability dashboard")
+            LIVE_RUN_DATA["CloudWatchDashboardDelete"] = "Deleted CloudWatch observability dashboard"
+            cloudwatch.delete_dashboard(SOLUTION_NAME)
+            CFN_RESPONSE_DATA["deployment_info"]["action_count"] += 1
+            CFN_RESPONSE_DATA["deployment_info"]["resources_deployed"] -= 1
+        else:
+            LOGGER.info("DRY_RUN: Deleting CloudWatch observability dashboard")
+
+
+
     central_observability_params = json.loads(event["ResourceProperties"]["SRA-BEDROCK-CENTRAL-OBSERVABILITY"])
 
     cloudwatch.CWOAM_CLIENT = sts.assume_role(SECURITY_ACCOUNT, sts.CONFIGURATION_ROLE, "oam", sts.HOME_REGION)
@@ -852,8 +842,9 @@ def delete_event(event, context):
         oam_sink_arn = "Error:Sink:Arn:Not:Found"
 
     # Add management account to the bedrock accounts list
-    central_observability_params["bedrock_accounts"].append(sts.MANAGEMENT_ACCOUNT)
-    for bedrock_account in central_observability_params["bedrock_accounts"]:
+    bedrock_and_mgmt_accounts = copy.deepcopy(central_observability_params["bedrock_accounts"])
+    bedrock_and_mgmt_accounts.append(sts.MANAGEMENT_ACCOUNT)
+    for bedrock_account in bedrock_and_mgmt_accounts:
         for bedrock_region in central_observability_params["regions"]:
             # 2a) OAM link in bedrock account
             cloudwatch.CWOAM_CLIENT = sts.assume_role(bedrock_account, sts.CONFIGURATION_ROLE, "oam", bedrock_region)
diff --git a/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_cloudwatch.py b/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_cloudwatch.py
@@ -460,18 +460,18 @@ def create_dashboard(self, dashboard_name: str, dashboard_body: dict) -> str:
                 self.LOGGER.info(self.UNEXPECTED)
                 raise ValueError(f"Unexpected error executing Lambda function. {error}") from None
 
-    def delete_dashboard(self, dashboard_arn: str) -> None:
+    def delete_dashboard(self, dashboard_name: str) -> None:
         """Delete the CloudWatch dashboard for SRA in the organization.
 
         Args:
-            dashboard_arn (str): ARN of the dashboard
+            dashboard_name (str): Name of the dashboard
 
         Returns:
             None
         """
         try:
-            self.CLOUDWATCH_CLIENT.delete_dashboards(DashboardNames=[dashboard_arn])
-            self.LOGGER.info(f"CloudWatch dashboard {dashboard_arn} deleted")
+            self.CLOUDWATCH_CLIENT.delete_dashboards(DashboardNames=[dashboard_name])
+            self.LOGGER.info(f"CloudWatch dashboard {dashboard_name} deleted")
         except ClientError as e:
             self.LOGGER.info(self.UNEXPECTED)
             raise ValueError(f"Unexpected error executing Lambda function. {e}") from None
