You can run the AWS CFN to delete the CloudFormation stack and thus, uninstall the AWS services setup for a specific region, or for all enabled regions in the AWS account.

To delete the CloudFormation stack easier, Carbon Black Cloud provides a Bash/PowerShell AWS Services setup uninstall script that uses AWS CLI internally for running the CFN template.

Prerequisites

  • Sset the following access level permission and assign it to the API Key for executing the event stream setup script.

    Defining the Public Cloud permissions in the Add Access Level page for running the event stream setup script.

    For more details, see Create Access Levels.

  • Become familiar with the following possible values for the <ScriptURL> per onboarding environment.
    Linux Windows
    https://prod.cwp.carbonblack.io/public-cloud/us/aws/shell/setup-cbc-event-stream.sh https://prod.cwp.carbonblack.io/public-cloud/us/aws/powershell/setup-cbc-event-stream.ps1
    https://prod.cwp.carbonblack.io/public-cloud/ap/aws/shell/setup-cbc-event-stream.sh https://prod.cwp.carbonblack.io/public-cloud/ap/aws/powershell/setup-cbc-event-stream.ps1
    https://prod.cwp.carbonblack.io/public-cloud/eu/aws/shell/setup-cbc-event-stream.sh https://prod.cwp.carbonblack.io/public-cloud/eu/aws/powershell/setup-cbc-event-stream.ps1
    https://prod.cwp.carbonblack.io/public-cloud/au/aws/shell/setup-cbc-event-stream.sh https://prod.cwp.carbonblack.io/public-cloud/au/aws/powershell/setup-cbc-event-stream.ps
  • Retrieve your API Secret Key and API ID credentials. For more information, see Create and Manage an API Key.
  • Set up your AWS credentials. For more information, see Set up the AWS CLI.

Procedure

  1. Start the AWS Command Line Interface (AWS CLI) on your EC2 instance and enter your AWS credentials.
  2. After authentication completes, run the command: 
    curl <ScriptURL> --output setup-cbc-event-stream.sh && bash setup-cbc-event-stream.sh --CBInventoryApiHost <APIHost> --CBInventoryOrgKey <OrgKey> --CBInventoryApiKey <API_Secret_Key>/<API_ID> --uninstall --region <AWS region>
    The script takes the following parameters:
    ScriptURL The onboarding envirnment. For example, https://prod.cwp.carbonblack.io/public-cloud/us/aws/shell/setup-cbc-event-stream.sh in Linux or https://prod.cwp.carbonblack.io/public-cloud/us/aws/powershell/setup-cbc-event-stream.ps1 in Windows.

    For a full list of all production environments, see the table in the Prerequisites section of this topoic.

    CBInventoryApiHost The host for Carbon Black Public Cloud service. For example, defense-dev01.cbdtest.io.
    CBInventoryOrgKey Locate the org key in Carbon Black Cloud console by navigating to the > Settings > API Access > API Keys tab.
    CBInventoryApiKey The API Key is stored in the secret manager and is passed when sending the push notification to Carbon Black Cloud. For more details, see Create and Manage an API Key.
    Region AWS region ID.
    For example, 
    curl https://dev.cwp.cbdtest.io/public-cloud/dev01/aws/shell/setup-cbc-event-stream.sh --output setup-cbc-event-stream.sh && bash setup-cbc-event-stream.sh --CBInventoryApiHost defense-dev01.cbdtest.io --CBInventoryOrgKey 8Y7TJVYWQ --CBInventoryApiKey <API_Secret_Key>/<API_ID> --uninstall --region ap-south-1
  3. Optional. To uninstall the CloudFormation stack for all enabled AWS regions in the AWS account, run the command: 
    curl <ScriptURL> --output setup-cbc-event-stream.sh && bash setup-cbc-event-stream.sh --CBInventoryApiHost <APIHost> --CBInventoryOrgKey <OrgKey> --CBInventoryApiKey <API_Secret_Key>/<API_ID> --uninstall

Results

The AWS services setup is deleted for the selected region.