AWSSupport-TerminateIPMonitoringFromVPC
Description
                AWSSupport-TerminateIPMonitoringFromVPC terminates an IP monitoring
                test previously started by AWSSupport-SetupIPMonitoringFromVPC . Data
                related to the specified test ID will be deleted. 
Document type
Automation
Owner
Amazon
Platforms
Linux, macOS, Windows
Parameters
- 
                    AutomationAssumeRole Type: String Description: (Optional) The Amazon Resource Name (ARN) of the Amazon Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook. 
- 
                    AutomationExecutionId Type: String Description: (Required) The automation execution ID from when you previously ran the AWSSupport-SetupIPMonitoringFromVPCrunbook. All resources associated with this execution ID are deleted.
- 
                    InstanceId Type: String Description: (Required) The instance ID for the monitor instance. 
- 
                    SubnetId Type: String Description: (Required) The subnet ID for the monitor instance. 
Required IAM permissions
The AutomationAssumeRole parameter requires the following actions to
                 use the runbook successfully.
It is recommended that the user who runs the automation have the AmazonSSMAutomationRole IAM managed policy attached. In addition, the user must have the following policy attached to their user, group, or role:
Document Steps
- 
                    aws:assertAwsResourceProperty- check AutomationExecutionId and InstanceId are related to the same test.
- 
                    aws:assertAwsResourceProperty- check SubnetId and InstanceId are related to the same test.
- 
                    aws:executeAwsApi- retrieve the test security group.
- 
                    aws:executeAwsApi- delete the CloudWatch dashboard.
- 
                    aws:changeInstanceState- terminate the test instance.
- 
                    aws:executeAwsApi- remove the IAM instance profile from the role.
- 
                    aws:executeAwsApi- delete the IAM instance profile created by the automation.
- 
                    aws:executeAwsApi- delete the CloudWatch inline policy from the role created by the automation.
- 
                    aws:executeAwsApi- detach the AmazonSSMManagedInstanceCore managed policy from the role created by the automation.
- 
                    aws:executeAwsApi- delete the IAM role created by the automation.
- 
                    aws:executeAwsApi- delete the security group created by the automation, if it exists.
Outputs
None