Commit adfe2a25 authored by Vlad Stoianovici's avatar Vlad Stoianovici Committed by David Zhu
Browse files

Update Sandbox Cloud handbook: deletion docs and decommission templates

parent 677e45db

content/handbook/company/infrastructure-standards/realms/sandbox/_index.md

+21 −1
Original line number Diff line number Diff line
@@ -83,8 +83,10 @@ Collaborative Accounts/Projects self-service creation and IAM management is not 


- [Issue Template](https://gitlab.com/gitlab-com/gl-security/corp/issue-tracker/-/issues/new?issuable_template=aws_account_create): New AWS Group Workload (Multi-user) Account Request

- [Issue Template](https://gitlab.com/gitlab-com/gl-security/corp/issue-tracker/-/issues/new?issuable_template=aws_account_iam_update): Add/Remove IAM Users from AWS Group Workload Account

- [Issue Template](https://gitlab.com/gitlab-com/gl-security/corp/issue-tracker/-/issues/new?issuable_template=aws_account_delete): Decommission an AWS Account

- [Issue Template](https://gitlab.com/gitlab-com/gl-security/corp/issue-tracker/-/issues/new?issuable_template=gcp_project_create): New GCP Group (Multi-user) Project Request ([Provisioner Runbook](https://gitlab.com/gitlab-com/gl-security/corp/infra/runbooks/-/blob/main/gitlab-sandbox-cloud/add-group-project-for-gcp.md))

- [Issue Template](https://gitlab.com/gitlab-com/gl-security/corp/issue-tracker/-/issues/new?issuable_template=gcp_project_iam_update): Add/Remove IAM Users from GCP Group Project

- [Issue Template](https://gitlab.com/gitlab-com/gl-security/corp/issue-tracker/-/issues/new?issuable_template=gcp_project_delete): Decommission a GCP Project



#### Production Environments
@@ -193,7 +195,25 @@ See the [Domain Names and DNS Records](https://internal.gitlab.com/handbook/it/i 


## Delete an AWS account or GCP project



When a team member departs GitLab, their individual sandbox accounts are automatically deprovisioned through Okta integration. For manual deletion of active accounts or projects outside of offboarding, please create a request in the [CorpSec issue tracker](https://gitlab.com/gitlab-com/gl-security/corp/issue-tracker/-/issues). Before requesting deletion, make a best effort to delete all resources within the account yourself.

### Individual accounts



Individual accounts can be deleted through self-service in the Sandbox Cloud portal. Before deleting, make a best effort to delete all resources within the account to avoid continued costs during the grace period.



1. Sign in to [https://gitlabsandbox.cloud](https://gitlabsandbox.cloud) and navigate to **Cloud Infrastructure**.

1. Click on the account you want to delete.

1. Use the **Delete Account** option on the account details page.

1. The account enters a grace period before permanent deletion (90 days for AWS, 30 days for GCP). During this period, the account can be restored by contacting `#sandbox-cloud-questions`.



When a team member departs GitLab, their individual sandbox accounts are automatically deprovisioned through Okta integration.



### Collaborative accounts



To decommission a collaborative (multi-user) AWS account or GCP project, file a request using the appropriate issue template. Manager approval is required.



- [Decommission an AWS Account](https://gitlab.com/gitlab-com/gl-security/corp/issue-tracker/-/issues/new?issuable_template=aws_account_delete)

- [Decommission a GCP Project](https://gitlab.com/gitlab-com/gl-security/corp/issue-tracker/-/issues/new?issuable_template=gcp_project_delete)



Before requesting deletion, coordinate with your team to delete all resources within the account. If you have questions, ask in `#sandbox-cloud-questions`.



## Background and History