Skip to main content

Remove Cost and Compliance Module Role

If you no longer wish to use the Stax Cost & Compliance module, remove the IAM Role that grants it access to your billing and compliance data.

note

This guidance assumes you're subscribed only to the Stax Cost & Compliance module. If your AWS accounts are Stax-managed, this role cannot be removed.

Before You Begin

  • Estimated time to complete: 15 minutes

  • Ensure you have appropriate access to each AWS account that has the Stax Cost & Compliance module configured

Remove the Real-Time Rule Alerts Notification

If you have configured Real-Time Rule Alerts for your AWS accounts, you'll need to remove the Notification from your CloudTrail S3 bucket(s). For each AWS account in your AWS Organization that has Real-Time Rule Alerts enabled, perform the configuration change below.

  1. Log in to the AWS account

  2. Navigate to the S3 Console. Open the S3 bucket containing CloudTrail logs remove-cost-and-compliance-role-0.png

  3. On the S3 bucket's Properties page, locate the Events card. Select it to see configured event notifications for the S3 bucket remove-cost-and-compliance-role-1.png

  4. Choose the All object create events SNS Event Notification and then Edit to ensure the event is the one you wish to delete. The SNS topic ARN should be in the format of arn:aws:sns:<your-cloudtrail-region>:228473277269:cloudtrail-receiver-external-prod

  5. Once you have ensured that you have the correct event selected, delete the SNS Event Notification

Once deleted, you will no longer receive Real-Time Rule Alerts from Stax.

Remove the Cost & Compliance IAM Role

The Stax Cost & Compliance module IAM Role is deployed as part of a CloudFormation stack. Follow the steps below to remove the stack.

For each AWS account in your Organization that has the Stax Cost & Compliance module enabled, perform the configuration change below.

  1. Log in to the AWS account

  2. Browse to the CloudFormation console and locate the stack containing the Stax IAM role. It is generally named Stax-IAM-role. If you have deployed using the Stax Cost & Compliance setup wizard, this stack should only contain two resources; the IAM role, and a Callback object. These can both be safely deleted. If your stack contains other resources, please contact support for assistance

  3. Delete the CloudFormation stack

Once deleted, Stax will no longer be collecting cost and compliance information for your AWS account.