[rescbr]

If you manage to delete everything and make the billing to be zero dollars, then there's no need to close the account...

In many cases, this is way harder than it sounds.

[ralphist]

Beginner here, but shouldn't `terraform destroy` make this very easy? Assuming you deploy everything with IaC.

[ckdarby]

Some things are impossible to destroy immediately. KMS keys take 60 days to remove.

You can also start the close account process which takes 60 days and just pay the fees for anything not torn down and then it all gets nuked at the end of that period.

[mhitza]

There can be resources created implicitly, even when using IaC tools. One example, create a lambda, without an explicit log group, one will be automatically created for you outside of the tracked state.

[ralphist]

So the lambda function will survive, but billing will still go to zero when the lambda's last execution finishes, right?

[easton]

The function would be destroyed (guessing running instances would finish their handlers and then no longer be accessible) but the log group it created would still be present, holding logs from the dead function.

[ralphist]

That sounds stupid, thanks. Guess I'll be careful when I set up lambdas.

[hiatus]

Is this true? I know it's not true when using terraform for things like ECS. I suppose I can just test this myself.

[true_religion]

I don’t think terraform will recursively delete everything in your S3 bucket.

[ralphist]

Iterate over all S3 buckets in your terraform files and add `force_destroy` to them [1], then apply and destroy.

There could probably be an automated tool for this that wouldn't be too complex.

[1] https://registry.terraform.io/providers/hashicorp/aws/latest...

[deskamess]

Does that take care of deleting the files inside the bucket? That's an API call ($). Depending on the data that could be quite a bit.

[haimez]

Delete API calls are free, listing the objects in a bucket to know what to delete is not.

[renewiltord]

If someone manages that, they're a god.