Add CLI stack deletion functionality with safety features

Bob Strahan · Bob Strahan · commit 7a1530b6f18a · 2025-10-15T23:35:13.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,11 +17,12 @@ SPDX-License-Identifier: MIT-0
 
 - **IDP CLI - Command Line Interface for Batch Document Processing**
   - Added CLI tool (`idp_cli/`) for programmatic batch document processing and stack management
-  - **Key Features**: Deploy and update CloudFormation stacks, process documents from local directories or S3 URIs, live progress monitoring with rich terminal UI, download processing results locally, validate manifests before processing, generate manifests from directories with automatic baseline matching
+  - **Key Features**: Deploy/update/delete CloudFormation stacks, process documents from local directories or S3 URIs, live progress monitoring with rich terminal UI, download processing results locally, validate manifests before processing, generate manifests from directories with automatic baseline matching
+  - **Stack Lifecycle Management**: Complete stack management including deletion with safety confirmations, bucket analysis, and automatic cleanup options
   - **Evaluation Framework**: Workflow for accuracy testing including initial processing, manual validation, baseline creation, and automated evaluation with detailed metrics
   - **Analytics Integration**: Query aggregated results via Athena SQL or use Agent Analytics in Web UI for visual analysis
   - **Manifest Formats**: Support for CSV and JSON manifests with auto-generated document IDs from filenames and optional baseline references for evaluation
-  - **Use Cases**: Rapid configuration iteration, large-scale batch processing, CI/CD integration, automated accuracy testing
+  - **Use Cases**: Rapid configuration iteration, large-scale batch processing, CI/CD integration, automated accuracy testing, automated environment cleanup
   - **Documentation**: README with Quick Start, Commands Reference, Evaluation Workflow, and troubleshooting guides
 
 ### Changed
diff --git a/docs/idp-cli.md b/docs/idp-cli.md
@@ -24,6 +24,7 @@ https://github.com/user-attachments/assets/3d448a74-ba5b-4a4a-96ad-ec03ac0b4d7d
 - [Quick Start](#quick-start)
 - [Commands Reference](#commands-reference)
   - [deploy](#deploy)
+  - [delete](#delete)
   - [run-inference](#run-inference)
   - [status](#status)
   - [download-results](#download-results)
@@ -149,6 +150,76 @@ idp-cli deploy \
 
 ---
 
+### `delete`
+
+Delete an IDP CloudFormation stack.
+
+**⚠️ WARNING:** This permanently deletes all stack resources.
+
+**Usage:**
+```bash
+idp-cli delete [OPTIONS]
+```
+
+**Options:**
+- `--stack-name` (required): CloudFormation stack name
+- `--force`: Skip confirmation prompt
+- `--empty-buckets`: Empty S3 buckets before deletion (required if buckets contain data)
+- `--wait / --no-wait`: Wait for deletion to complete (default: wait)
+- `--region`: AWS region (optional)
+
+**S3 Bucket Behavior:**
+- **LoggingBucket**: `DeletionPolicy: Retain` - Always kept
+- **All other buckets**: `DeletionPolicy: RetainExceptOnCreate` - Deleted if empty
+- CloudFormation can ONLY delete S3 buckets if they're empty
+- Use `--empty-buckets` to automatically empty buckets before deletion
+
+**Examples:**
+
+```bash
+# Interactive deletion with confirmation
+idp-cli delete --stack-name test-stack
+
+# Automated deletion (CI/CD)
+idp-cli delete --stack-name test-stack --force
+
+# Delete with automatic bucket emptying
+idp-cli delete --stack-name test-stack --empty-buckets --force
+
+# Delete without waiting
+idp-cli delete --stack-name test-stack --force --no-wait
+```
+
+**What you'll see:**
+```
+⚠️  WARNING: Stack Deletion
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+Stack: test-stack
+Region: us-east-1
+
+S3 Buckets:
+  • InputBucket: 20 objects (45.3 MB)
+  • OutputBucket: 20 objects (123.7 MB)
+  • WorkingBucket: empty
+
+⚠️  Buckets contain data!
+This action cannot be undone.
+
+Are you sure you want to delete this stack? [y/N]: _
+```
+
+**Use Cases:**
+- Cleanup test/development environments to avoid charges
+- CI/CD pipelines that provision and teardown stacks
+- Automated testing with temporary stack creation
+
+**Note:** LoggingBucket is retained by design. To delete it manually:
+```bash
+aws s3 rb s3://<logging-bucket-name> --force
+```
+
+---
+
 ### `run-inference`
 
 Process a batch of documents.
@@ -914,4 +985,3 @@ For issues or questions:
 - Check CloudWatch logs for Lambda functions
 - Review AWS Console for resource status
 - Open an issue on GitHub
-
diff --git a/idp_cli/idp_cli/cli.py b/idp_cli/idp_cli/cli.py
@@ -283,6 +283,162 @@ def deploy(
         sys.exit(1)
 
 
+@cli.command()
+@click.option("--stack-name", required=True, help="CloudFormation stack name")
+@click.option("--force", is_flag=True, help="Skip confirmation prompt")
+@click.option(
+    "--empty-buckets",
+    is_flag=True,
+    help="Empty S3 buckets before deletion (required if buckets contain data)",
+)
+@click.option(
+    "--wait/--no-wait",
+    default=True,
+    help="Wait for deletion to complete (default: wait)",
+)
+@click.option("--region", help="AWS region (optional)")
+def delete(
+    stack_name: str,
+    force: bool,
+    empty_buckets: bool,
+    wait: bool,
+    region: Optional[str],
+):
+    """
+    Delete an IDP CloudFormation stack
+
+    ⚠️  WARNING: This permanently deletes all stack resources.
+
+    S3 buckets configured with RetainExceptOnCreate will be deleted if empty.
+    Use --empty-buckets to automatically empty buckets before deletion.
+
+    Examples:
+
+      # Interactive deletion with confirmation
+      idp-cli delete --stack-name test-stack
+
+      # Automated deletion (skip confirmation)
+      idp-cli delete --stack-name test-stack --force
+
+      # Delete with automatic bucket emptying
+      idp-cli delete --stack-name test-stack --empty-buckets --force
+
+      # Delete without waiting for completion
+      idp-cli delete --stack-name test-stack --force --no-wait
+    """
+    try:
+        deployer = StackDeployer(region=region)
+
+        # Check if stack exists
+        if not deployer._stack_exists(stack_name):
+            console.print(f"[red]✗ Stack '{stack_name}' does not exist[/red]")
+            sys.exit(1)
+
+        # Get bucket information
+        console.print(f"[bold blue]Analyzing stack: {stack_name}[/bold blue]")
+        bucket_info = deployer.get_bucket_info(stack_name)
+
+        # Show warning with bucket details
+        console.print()
+        console.print("[bold red]⚠️  WARNING: Stack Deletion[/bold red]")
+        console.print("━" * 60)
+        console.print(f"Stack: [cyan]{stack_name}[/cyan]")
+        console.print(f"Region: {region or 'default'}")
+
+        if bucket_info:
+            console.print()
+            console.print("[bold]S3 Buckets:[/bold]")
+            has_data = False
+            for bucket in bucket_info:
+                obj_count = bucket.get("object_count", 0)
+                size = bucket.get("size_display", "Unknown")
+                logical_id = bucket.get("logical_id", "Unknown")
+
+                if obj_count > 0:
+                    has_data = True
+                    console.print(
+                        f"  • {logical_id}: [yellow]{obj_count} objects ({size})[/yellow]"
+                    )
+                else:
+                    console.print(f"  • {logical_id}: [green]empty[/green]")
+
+            if has_data and not empty_buckets:
+                console.print()
+                console.print("[bold red]⚠️  Buckets contain data![/bold red]")
+                console.print("Deletion will FAIL unless you:")
+                console.print("  1. Use --empty-buckets flag to auto-delete data, OR")
+                console.print("  2. Manually empty buckets first")
+
+        console.print()
+        console.print("[bold red]This action cannot be undone.[/bold red]")
+        console.print("━" * 60)
+        console.print()
+
+        # Confirmation unless --force
+        if not force:
+            response = click.confirm(
+                "Are you sure you want to delete this stack?", default=False
+            )
+            if not response:
+                console.print("[yellow]Deletion cancelled[/yellow]")
+                return
+
+            # Double confirmation if --empty-buckets
+            if empty_buckets:
+                console.print()
+                console.print(
+                    "[bold red]⚠️  You are about to permanently delete all bucket data![/bold red]"
+                )
+                response = click.confirm(
+                    "Are you ABSOLUTELY sure you want to empty buckets and delete the stack?",
+                    default=False,
+                )
+                if not response:
+                    console.print("[yellow]Deletion cancelled[/yellow]")
+                    return
+
+        # Perform deletion
+        console.print()
+        with console.status("[bold red]Deleting stack..."):
+            result = deployer.delete_stack(
+                stack_name=stack_name,
+                empty_buckets=empty_buckets,
+                wait=wait,
+            )
+
+        # Show results
+        if result.get("success"):
+            console.print("\n[green]✓ Stack deleted successfully![/green]")
+            console.print(f"Stack: {stack_name}")
+            console.print(f"Status: {result.get('status')}")
+
+            # Note about LoggingBucket
+            console.print()
+            console.print(
+                "[bold]Note:[/bold] LoggingBucket (if exists) is retained by design."
+            )
+            console.print("Delete it manually if no longer needed:")
+            console.print("  [cyan]aws s3 rb s3://<logging-bucket-name> --force[/cyan]")
+            console.print()
+        else:
+            console.print("\n[red]✗ Stack deletion failed![/red]")
+            console.print(f"Status: {result.get('status')}")
+            console.print(f"Error: {result.get('error', 'Unknown')}")
+
+            if "bucket" in result.get("error", "").lower():
+                console.print()
+                console.print(
+                    "[yellow]Tip: Try again with --empty-buckets flag[/yellow]"
+                )
+
+            sys.exit(1)
+
+    except Exception as e:
+        logger.error(f"Error deleting stack: {e}", exc_info=True)
+        console.print(f"[red]✗ Error: {e}[/red]")
+        sys.exit(1)
+
+
 @cli.command()
 @click.option("--stack-name", required=True, help="CloudFormation stack name")
 @click.option(
diff --git a/idp_cli/idp_cli/deployer.py b/idp_cli/idp_cli/deployer.py
