Platform Landing Zone Cleanup FAQ
If you are just testing the bootstrap process, you may want to remove the environment and start again a number of times. We provide the following guidance to help you do that.
There are two levels of clean up that must be followed in this order:
- Remove the platform landing zone
- Remove the bootstrap resources
We recommend following these steps in order to ensure a clean environment for re-deployment. However, if you have lost your original bootstrap folder or the steps are not working for you, we have a fallback option at the end of this section.
After the Terraform apply has been completed there is an opportunity to remove the environment it just created. Follow these steps to teardown the bootstrap environment.
If you already ran the CD pipeline / action in phase 3 to deploy the ALZ, then review the How do I remove the platform landing zones guidance.
Wait for the destroy run to complete before moving to the next step, you will need to approve it if you configured approvals.
Now run
Deploy-Acceleratorwith the-destroyflag, for example:Deploy-Accelerator ` -inputs "~/accelerator/config/inputs.yaml", "~/accelerator/config/platform-landing-zone.tfvars" ` -output "~/accelerator/output" ` -destroyYou can confirm the destroy by hitting enter when prompted.
To fully clean up, you should now delete the folder that was created for the accelerator.
You’ll now be able to run the
Deploy-Acceleratorcommand again to start fresh.
The following guidance is for Terraform, if you’re using Bicep and wish to destroy your landing zone, please refer to the destroy-landing-zone.ps1 script.
- Run the CD pipeline / action in phase 3, but this time select the
destroyoption. This will delete the landing zone resources; you will need to approve it if you configured approvals.
- Navigate to the directory shown in the
module_output_directory_pathoutput from the bootstrap. - Run
./scripts/deploy-local.ps1 -destroy. - A plan will run and then you’ll be prompted to check it and run the deploy.
- Type yes and hit enter to run the deploy.
- The ALZ will now be destroyed, this may take some time.
If you have lost your original bootstrap folder or are getting errors when trying to destroy the landing zone, you can follow these steps to clean up the resources manually.
Open a PowerShell terminal using PowerShell 7.
Ensure you have the latest version of the ALZ PowerShell Module installed:
Install-PSResource -Name ALZ -Force -AllowClobberLogin to Azure CLI and select your bootstrap subscription:
az login az account set --subscription "<subscription-id>"Run one of the following commands to prepare to remove the platform landing zone:
If you used a specific management group as the parent management group during bootstrap, you can specify that management group to delete the landing zone. For example:
Remove-PlatformLandingZone ` -ManagementGroups = "<root-parent-management-group-id>" ` -PlanModeIf you choose to use the Tenant Root Group as the parent management group and you are brownfield, you may need to avoid deleting other management group structures. In that case, you can specify the top level management groups to delete. For example:
Remove-PlatformLandingZone ` -ManagementGroups = "alz" ` -DeleteTargetManagementGroups ` -PlanMode
Review the plan output to ensure it is going to delete the correct resources.
If the plan looks correct, re-run the command without the
-PlanModeparameter to delete the platform landing zone.If you chose the second option, you’ll still need to clean up the custom role definitions on Tenant Root Group before you can re-run the accelerator bootstrap.
- Navigate to the Azure Portal and go to the
Management Groupspane. - Select the
Tenant Root Group. - Go to the
Access control (IAM)section. - Select the
Rolestab. - Find and delete any custom roles that were created by the accelerator. These will likely have
alzin the name. Delete all 4 of them. If they are still assigned anywhere, you will need to remove the assignments first.
- Navigate to the Azure Portal and go to the