Module 99: Cleanup
Follow these instructions to remove all workshop resources from your AWS account. The cleanup process differs depending on whether you're using Workshop Studio (automatic) or a self-deployed environment (manual).
Estimated duration: 10–15 minutes
Workshop Studio Hosted
Info
If you are attending this workshop at an AWS event using Workshop Studio, no manual cleanup is required. Workshop Studio automatically reclaims and cleans up your provisioned account when the session ends. All resources — including CloudFormation stacks, S3 buckets, Lambda functions, and IAM roles — are removed automatically. You can close your browser and walk away when you're done.
Self-Deployed Cleanup
Warning
If you deployed this workshop into your own AWS account, you must manually delete all resources to avoid ongoing charges. Follow the ordered steps below carefully — the order matters because some resources have dependencies on others.
Resources Created During This Workshop
The following resource categories may have been created during the workshop labs:
- CloudFormation stacks — main workshop stack and nested stacks (VPC, IAM, broken-stack, dashboards)
- S3 buckets — agent-toolkit-workshop-{ParticipantId} and any buckets created in labs
- Lambda functions — serverless API functions (Module 2), capstone processor (Module 6), dashboard widget, broken-app
- API Gateway APIs — REST APIs created in Module 2
- DynamoDB tables — capstone-image-labels-{ParticipantId}, serverless tables from Module 2
- EC2 instances — any instances launched in Module 3
- Security groups — custom security groups created in Module 3
- IAM roles — ParticipantRole, AgentRole, RestrictedAgentRole, and any roles created during labs
- CloudWatch dashboards and alarms — workshop progress dashboard and Module 4 alarms
- EventBridge rules — MCP event monitoring rule
- SNS topics — workshop notification topic
Ordered Deletion Steps
Follow these steps in order. You can ask your AI coding agent to help with each step.
Step 1: Empty and Delete S3 Buckets
S3 buckets cannot be deleted unless they are empty. You must empty each bucket first.
Warning
Deleting S3 buckets is irreversible. Make sure you don't need any files before proceeding.
Example prompt for your agent:
"List all S3 buckets tagged with Workshop=AgentToolkit, empty each one, then delete them."
If your agent cannot delete non-empty buckets in one step, use:
"Empty the bucket agent-toolkit-workshop-{your-participant-id} by deleting all object versions and delete markers, then delete the bucket."
Step 2: Delete Ad-Hoc Resources Created Outside CloudFormation
Resources you created manually through your agent during the labs (Modules 2 and 3) are not managed by CloudFormation and must be deleted separately.
Lambda functions and API Gateway (Module 2):
"Delete all Lambda functions with names starting with 'serverless-api'. Then delete any API Gateway REST APIs that were created during the workshop."
DynamoDB tables (Module 2):
"Delete any DynamoDB tables with names starting with 'serverless-'."
EC2 instances and security groups (Module 3):
"Terminate any running EC2 instances tagged with Workshop=AgentToolkit. Then delete any security groups tagged with Workshop=AgentToolkit (except the default security group)."
Info
Security groups cannot be deleted while they are attached to running instances. Always terminate instances first.
Step 3: Delete the Broken-App Nested Stack
The broken-app stack is a nested stack that may be in a ROLLBACK_COMPLETE or UPDATE_ROLLBACK_COMPLETE state. Delete it before the main stack.
"Delete the CloudFormation stack named 'broken-app-stack' if it exists. If it's in a ROLLBACK_COMPLETE state, delete it with the retain-resources option if needed."
Step 4: Delete the Main Workshop CloudFormation Stack
This deletes the main stack and all remaining nested stacks (VPC, IAM, dashboards) along with their managed resources.
"Delete the main workshop CloudFormation stack. Wait for deletion to complete and confirm it's gone."
Warning
Stack deletion may take 5–10 minutes as it removes the VPC, NAT Gateway, IAM roles, and all nested stack resources. Do not interrupt the deletion process.
Verify Cleanup Completion
After deletion completes, verify that no workshop resources remain in your account:
"Search for any remaining resources tagged with Workshop=AgentToolkit in us-east-1. Check S3 buckets, Lambda functions, DynamoDB tables, EC2 instances, IAM roles, CloudWatch dashboards, EventBridge rules, and SNS topics."
You can also verify via the AWS Console:
- Open Resource Groups & Tag Editor in the AWS Console
- Search for resources with the tag key Workshop and value AgentToolkit
- Confirm that no resources are returned
If any resources remain, delete them manually or ask your agent to clean them up individually.
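A tag search only finds resources that actually carry the Workshop tag, while the Step 2 prompts select Lambda functions and DynamoDB tables by name prefix. The following read-only check is an added example, not part of the workshop's own code; it combines both passes, and the function names, the stub client, and the sample ARNs and account ID are constructed for illustration.

```python
from collections import defaultdict

TAG = {"Key": "Workshop", "Values": ["AgentToolkit"]}  # tag from this page
LAMBDA_PREFIX, TABLE_PREFIX = "serverless-api", "serverless-"  # Step 2 prompts


def paged(client, operation, key, **kwargs):
    """Yield every item under `key` across all pages of a list operation."""
    for page in client.get_paginator(operation).paginate(**kwargs):
        yield from page.get(key, [])


def find_leftovers(tagging, lambda_, dynamodb):
    """Return {service: sorted ARNs or names} for resources still present."""
    found = defaultdict(set)
    for m in paged(tagging, "get_resources", "ResourceTagMappingList",
                   TagFilters=[TAG]):
        found[m["ResourceARN"].split(":")[2]].add(m["ResourceARN"])
    # Name pass: catches Step 2 resources that were never tagged.
    for fn in paged(lambda_, "list_functions", "Functions"):
        if fn["FunctionName"].startswith(LAMBDA_PREFIX):
            found["lambda"].add(fn["FunctionArn"])
    for name in paged(dynamodb, "list_tables", "TableNames"):
        tagged = any(a.endswith(":table/" + name) for a in found["dynamodb"])
        if name.startswith(TABLE_PREFIX) and not tagged:
            found["dynamodb"].add(name)
    return {svc: sorted(ids) for svc, ids in sorted(found.items()) if ids}


class StubClient:  # offline stand-in for a boto3 client (constructed pages)
    def __init__(self, pages):
        self.get_paginator = lambda operation: self
        self.paginate = lambda **kwargs: iter(pages)


def demo():
    """Constructed sample responses; account ID and names are made up."""
    base = "arn:aws:{}:us-east-1:111122223333:"
    fn = {"FunctionName": "serverless-api-orders",
          "FunctionArn": base.format("lambda") + "function:serverless-api-orders"}
    arns = ["arn:aws:s3:::agent-toolkit-workshop-demo01",
            base.format("dynamodb") + "table/serverless-orders"]
    tagging = StubClient([{"ResourceTagMappingList": [{"ResourceARN": a}]}
                          for a in arns])  # one ARN per page
    tables = StubClient([{"TableNames": ["serverless-orders", "serverless-users", "prod-data"]}])
    return find_leftovers(tagging, StubClient([{"Functions": [fn]}]), tables)


if __name__ == "__main__":
    print(demo())
```

Against a real account, pass boto3 clients for `resourcegroupstaggingapi`, `lambda` and `dynamodb` in us-east-1 to `find_leftovers` in place of the stubs; an empty result means both passes found nothing.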