How to delete AWS Workspace with AWS CLI

When you are finished with a WorkSpace, you can delete it. You can also delete related resources. In this post, I’ll be using AWS CLI to delete a WorkSpace that is no longer needed.

To delete a WorkSpace using AWS CLI, we can use terminate-workspaces command [2]. But first, I’d need to find the workspace id.

➜ aws workspaces describe-workspaces --query 'Workspaces[].WorkspaceId' --output text
ws-9xm222222

Now that I got the WorkSpace id as ws-9xm222222, I can proceed to terminate this WorkSpace.

➜ aws workspaces terminate-workspaces --terminate-workspace-requests ws-9xm222222
{
    "FailedRequests": []
}

It is expected to take a little while to terminate a WorkSpace instance. To check the deletion progress, use describe-workspaces API as below:

➜ aws workspaces describe-workspaces --query 'Workspaces[].{WorkspaceId:WorkspaceId,State:State}'
[
    {
        "WorkspaceId": "ws-9xm222222",
        "State": "TERMINATING"
    }
]

➜ aws workspaces describe-workspaces --query 'Workspaces[].{WorkspaceId:WorkspaceId,State:State}'
[]

As WorkSpace relies on directory service, I also need to clean this up [3]. In my case, I was using Simple AD for directory service. Again, I’d need to find the directory service ID.

➜ aws ds describe-directories --query 'DirectoryDescriptions[].{DirectoryId:DirectoryId,Stage:Stage}'
[
    {
        "DirectoryId": "d-97675555555",
        "Stage": "Active"
    }
]

AWS reminds us that “You can delete the directory for your WorkSpaces if it is no longer in use by other WorkSpaces or other applications, such as Amazon WorkDocs, Amazon WorkMail, or Amazon Chime. Note that you must deregister a directory before you can delete it.”

Let’s just try delete the directory service without de-registering it.

➜ aws ds delete-directory --directory-id d-97675555555

An error occurred (ClientException) when calling the DeleteDirectory operation: Cannot delete the directory because it still has authorized applications. : RequestId: a55fd5f9-6666-4444-9999-64fe8e4cefbb

Okay, that makes sense, I need to de-register first. To deregister a directory, we can use the deregister-workspace-directory API [4]:

➜ aws workspaces deregister-workspace-directory --directory-id d-97675555555

There was no output from running deregister-workspace-directory. Let’s try to delete the directory service again.

➜ aws ds delete-directory --directory-id d-97675555555

An error occurred (ClientException) when calling the DeleteDirectory operation: Cannot delete the directory because it still has authorized applications. : RequestId: 191233b8-5555-4444-9999-3d7b4726ba48

Note, it still didn’t let me remove it. A bit weird…. let’s give it a bit of time.

TO BE CONTINUED LATER…

Update (2023-08-11):

It turned out that the directory service cannot be deleted after all, because there is another service, which I wasn’t aware of, still using this DS. What happened is that during the creation of this WorkSpace via Quick Setup, another service called “WorkDocs” also created for me.

Accessing the WorkDocs management console, I could see that there was a WorkDocs site active. From the same page, I could choose to delete this WorkDocs site [5]. Note, there is an option to delete the directory service together with WorkDocs site. I chose not to delete the ds.

Now, that the WorkDocs site has been deleted, the ds should be able to be deleted via the command line as usual:

➜ aws ds delete-directory --directory-id d-9767555555
{
    "DirectoryId": "d-9767555555"
}

Let’s check the progress:

➜ aws ds describe-directories --directory-ids d-9767555555 \
--query 'DirectoryDescriptions[].{DirectoryId:DirectoryId,Stage:Stage,StageReason:StageReason}'
[
    {
        "DirectoryId": "d-9767555555",
        "Stage": "Deleting",
        "StageReason": "User initiated directory deletion."
    }
]

➜ aws ds describe-directories --directory-ids d-9767555555 \
--query 'DirectoryDescriptions[].{DirectoryId:DirectoryId,Stage:Stage,StageReason:StageReason}'
[]

That’s all folks!

References: