Follow-up from "Remove AWS Proxy from EKS form"
The following discussion from !20020 (merged) should be addressed:
- @drewcimino started a discussion: (+3 comments) Is there any other way to delete a user-associated Aws::Role record?
Further discussion:
I'm thinking about a scenario where somebody just needs to disconnect GitLab from their AWS account, not rotate a credential or update it to another valid one. The way AuthorizeRoleService is written, the credentials are updated in the db before they actually get used in a request to AWS, so if someone needs to invalidate they can just write some garbage credentials to their account.
I guess this is sort of a UX/Product question, what a "disconnect my account from AWS" looks like. Do you know if that's a process we want to support? Or know who would know?
I think in this case the most suitable option (regardless of what GitLab offers) is to revoke access from the AWS side, at which point it wouldn't matter what GitLab has stored.
If we decide from a product perspective that credentials stored in GitLab don't need to be blanked out, then an AWS-side revoke is fine and we can close this.