Cleanup instructions
Remove Falcon Sensors deployed by SSM Distributor
- Before deleting any stacks, first update the main template with the following change:
# Create SSM Distributor Associations
AssociationStackSet:
Type: 'AWS::CloudFormation::StackSet'
Condition: CreateSSMAssociations
Properties:
StackSetName: CrowdStrike-Cloud-SSM-Associations-Stackset
Description: Create SSM State Manager Association to automatically manage Falcon Sensor installation across SSM Managed Instances
PermissionModel: SERVICE_MANAGED
CallAs: !If [ IsDelegatedAdmin, 'DELEGATED_ADMIN', 'SELF' ]
ManagedExecution:
Active: true
Parameters:
- ParameterKey: DocumentVersion
ParameterValue: !Ref DocumentVersion
- ParameterKey: SecretsManagerSecretName
ParameterValue: !Ref SecretsManagerSecretName
- ParameterKey: SecretStorageMethod
ParameterValue: 'SecretsManager'
- ParameterKey: Action
ParameterValue: 'Install' <<Change to 'Uninstall'
- Update the main stack, uploading the new version of the template.
- This will update the ‘action’ on all State Manager Associations to ‘Uninstall’ and execute.
- Wait until all associations have completed their Uninstall executions.
Remove Falcon Sensor deployed by EKS Protection
EKS Protection leverages the Falcon Operator, as such to remove any sensors deployed via this method please follow the uninstall steps for each cluster here.
Cleanup instructions
The following must be completed before attempting to redeploy.
- Delete CloudFormation Stack:
- Stack name:
template-crowdstrike-enable-integrations
- Stack name:
- Empty and Delete S3 Bucket
- S3 Bucket Name: aws-abi-${AWS::AccountId}-${AWS::Region}