# Uninstall the solution
<a name="uninstall-the-solution"></a>

**Important**  
We recommented removing accounts from the account pool before you delete the stacks to prevent accounts from incurring costs.

To uninstall the solution, follow these steps:
+  [End leases and eject accounts](remove-resources.md) 
+  [Uninstall stacks](uninstall-isb.md) 
+  [Delete the custom application from the IDC](delete-saml-app.md) 

# End leases and eject accounts
<a name="remove-resources"></a>

## Enable maintenance mode
<a name="enable-maintenance-mode"></a>

Maintenance mode allows Admins to perform sensitive maintenance work like setup, troubleshooting, upgrading, or teardown of the solution.

When you enable maintenance mode, it will stop users and managers from making API requests to the solution, and any new API requests will not interfere with maintenance tasks being performed by the Admin.

To enable maintenance mode:

1. Log in to the AWS account where the Innovation Sandbox Hub and data stacks are deployed, and select the correct home Region.

1. Navigate to [AWS AppConfig](https://console.aws.amazon.com/systems-manager/appconfig/), and from the left pane, select **Applications**.

1. On the Applications page, select **InnovationSandboxData-Config-Application-XXXXXXX**. The Application details display.

1. Under **Configuration Profiles and Feature Flags**, select **InnovationSandboxData-Config-GlobalConfigHostedConfiguration-XXXXX** configuration profile, and choose **Create**.

1. Update the **maintenanceMode** value to `true`.

```
...
# Put the solution into maintenance mode
maintenanceMode: true
...
```

1. Select **Create hosted configuration version**.

1. Select **Start Deployment**, and choose the latest hosted configuration version you just created.

1. Choose **Start Deployment**.

This will set the account to Maintenance mode.

## End all Active and Frozen leases
<a name="end-active-leases"></a>

In this step, you will terminate all active and frozen leases to stop incurring costs for these accounts.

1. Log in to the web UI as an **Administrator**.

1. From the left pane, select **Leases**.

1. On the Leases page, under Filter options, for status, filter for all *Active* and *Frozen* leases if not already selected by default.

1. Under the **Leases** section, select all the leases matching the filter criteria.

1. From the **Actions** dropdown, select **Terminate**.

 **Note**: If there are multiple pages of leases, repeat this for all leases that match the *Active* and *Frozen* filters.

This will terminate the leases and submit the accounts for clean-up. Depending on the number of accounts, clean-up may take a few minutes.

## Eject accounts
<a name="eject-accounts"></a>

In this step, you will manually eject accounts that have been cleaned up, and are available for reuse.

1. Log in to the web UI as an **Administrator**.

1. From the left pane, select **Administration** > **Accounts**. The Accounts page displays all the accounts currently in the account pool.

1. Search for, and select all the accounts you want to eject from the account pool. You can eject any accounts from the account pool, except those in the **Clean up** state.

**Note**  
If a clean-up failed on an account, that account will be moved to a Quarantine state. After you troubleshoot these accounts, you can manually clean-up accounts in Quarantine. Accounts in Quarantine will continue to incur cost, so make sure you manually troubleshoot these accounts before attempting to clean-up these accounts.

1. From the **Actions** dropdown, select **Eject account**.

1. On the confirmation dialog, select **Submit** to confirm.

 **Note**: If there are multiple pages for accounts, repeat this for all accounts you want to eject.

This will eject the accounts from the Account pool.

## Move accounts out of the Organizational Unit
<a name="move-accounts"></a>

In this step, you will move accounts out of the Organization Unit so that the StackSet can delete all the stack instances from the sandbox account.

1. Log in to the Organization Management account, and navigate to [AWS Organizations](https://console.aws.amazon.com/organizations/).

1. From the left pane, select **AWS Accounts**.

1. From the organization structure tree, select the Innovation Sandbox OU, named *<NAMESPACE>\$1InnovationSandboxAccountPool*. For example, *myisb\$1InnovationSandboxAccountPool*.

1. Confirm that there are no other accounts in the OUs other than the *Exit* or *Entry* OUs. If there are accounts in other Account Pool OUs, eject these accounts using steps described in the [Eject accounts](#eject-accounts) section.

1. Move the accounts in *Exit* to outside the Innovation Sandbox OU, or the root OU.

This will ensure that there are no accounts in the OU before you uninstall the stacks for the solution.

# Uninstall solution stacks
<a name="uninstall-isb"></a>

You can uninstall the stacks, use the AWS Management Console or the AWS Command Line Interface (AWS CLI).

Make sure you uninstall the stacks in this order:

1. Compute stack

1. Data stack

1. IDC stack

1. AccountPool stack

## Using the AWS Management Console
<a name="using-the-aws-management-console"></a>

1. Sign in to the [AWS CloudFormation console](https://console.aws.amazon.com/cloudformation/home?).

1. Select the stack you want to delete.

1. Choose **Delete stack**.

**Note**  
Make sure you uninstall the stacks in this order: Compute, Data, IDC, and AccountPool.

### Using AWS Command Line Interface
<a name="using-aws-command-line-interface"></a>

Verify that AWS CLI is available in your environment. For installation instructions, refer to [What Is the AWS Command Line Interface](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html) in the *AWS CLI User Guide*.

Once you have access to AWS CLI, run the following command:

```
$ aws cloudformation delete-stack --stack-name <STACK_NAME>
```

**Note**  
Make sure you uninstall the stacks in this order: Compute, Data, IDC, and AccountPool.

# Resources retained after deletion
<a name="resources-retained"></a>

Some resources, which contain customer data, are not deleted automatically when you uninstall the stacks. The cost of these resources is minimal, and you can manually delete these resources.

 **Compute stack** 
+ Customer Managed Key
  +  `AwsSolutions/InnovationSandbox/InnovationSandbox-Compute` 
+ CloudWatch log groups
  +  `InnovationSandbox-Compute-ISBLogGroupXXXXX` 
  +  `InnovationSandbox-Compute-ISBLogGroupCustomResourcesXXXXX` 
+ S3 buckets
  + CloudFront distribution host (`innovationsandbox-compute-cloudfrontuiapiisbfronte-XXXXX`)
  + CloudFront distribution access log (`innovationsandbox-compute-cloudfrontuiapiisbfronte-XXXXX`)
  + Application logs archive (`innovationsandbox-compute-logarchivingisblogsarchi-XXXXX`)

 **Data stack** 
+ Customer Managed Key
  +  `AwsSolutions/InnovationSandbox/InnovationSandbox-Data` 
+ DynamoDB tables
  +  `InnovationSandbox-Data-LeaseTableXXXXX` 
  +  `InnovationSandbox-Data-LeaseTemplateTableXXXXX` 
  +  `InnovationSandbox-Data-AccountTableXXXXX` 

 **IDC stack** 
+ Customer Managed Key
  +  `AwsSolutions/InnovationSandbox/InnovationSandbox-IDC` 
+ CloudWatch log group
  +  `InnovationSandbox-IDC-ISBLogGroupCustomResourcesXXXXX` 
+ Innovation Sandbox groups
  + <NAMESPACE>\$1IsbUsersGroup
  + <NAMESPACE>\$1IsbManagersGroup
  + <NAMESPACE>\$1IsbAdminsGroup

 **Account Pool stack** 
+ Customer Managed Key
  +  `AwsSolutions/InnovationSandbox/InnovationSandbox-AccountPool` 
+ CloudWatch log group
  +  `InnovationSandbox-AccountPool-ISBLogGroupCustomResourcesXXXXX` 

# Delete the custom application in IAM Identity Center
<a name="delete-saml-app"></a>

In this step, delete the SAML2.0 application you created using the instructions in the [Create SAML application](create-saml-app.md) section.

To delete the application:

1. Log in to the account where the IAM Identity Center is enabled (usually the Organization Management account), and the IDC stack is deployed.

1. Navigate to the [AWS IAM Identity Center](https://console.aws.amazon.com/singlesignon/) console, and select the Innovation Sandbox home region.

1. From the left pane, select **Groups**.

1. To remove users from the three Innovation Sandbox [groups](assign-groups-application.md):

   1. Select a group.

   1. Select the **Users** tab.

   1. Select all the users.

   1. Choose **Remove users from group**.

   1. If there are more than one page of users, repeat this for all users.

1. Under **Application assignments**, select **Applications**.

1. Choose the **Customer managed** tab, and select the name of your application to view details.

1. Under **Assigned users and groups**, select all the groups and users associated with the application, and choose **Remove access**.

1. Navigate back to the list of **Customer managed** applications.

1. Select the application name, and under **Actions**, select **Remove**.

This will remove users from all groups, and delete the SAML2.0 application from your IAM Identity Center.