Follow-up AWS cleanup from the deployment modernization that moved Toolbox dev+prod onto env-var instance config (APP_TOOLBOX_*) + AWS Secrets Manager + the current RDS instance. AWS access, SSO profiles, the SSM DB tunnel, the per-command confirmation protocol, and the Toolbox AWS Ops 1Password item (which holds the environment-specific identifiers/credentials referenced below) are all documented in docs/aws-access.md — start there.
Two destructive/irreversible tasks — do them only after confirming nothing depends on the resources, and follow the runbook's confirmation protocol for prod/destructive operations.
1. Retire the unused EFS volumes
The deployed task definitions no longer mount EFS — instance config comes from env vars + Secrets Manager, and the fileManager example app's storage was moved to an ephemeral container path. The two EFS file systems that were previously mounted at /toolbox on the toolbox-dev and toolbox-prod tasks are now unused.
- Identify the two file systems (discoverable from the prior task-definition revisions'
volumes, or via the EFS console).
- Confirm nothing else references them, then delete their mount targets / access points and the file systems.
2. Decommission the old shared RDS instance + its DNS
Toolbox dev+prod were migrated off the previous shared RDS instance onto the current one. The old instance still exists.
- First confirm no application still uses the old instance — check its processlist for any remaining app connections (another XH app shared this instance, so verify it has migrated off too). Coordinate before deleting.
- Then: disable deletion protection, take a final snapshot if desired, and delete the instance and its automated backups.
- Remove the old instance's associated private Route53 DNS records.
- The old/new instance identifiers, endpoints, hostnames, and hosted-zone are recorded in the
Toolbox AWS Ops item (and its migration note) in the XH Team 1Password vault, or are discoverable in the AWS console.
Follow-up AWS cleanup from the deployment modernization that moved Toolbox dev+prod onto env-var instance config (
APP_TOOLBOX_*) + AWS Secrets Manager + the current RDS instance. AWS access, SSO profiles, the SSM DB tunnel, the per-command confirmation protocol, and theToolbox AWS Ops1Password item (which holds the environment-specific identifiers/credentials referenced below) are all documented indocs/aws-access.md— start there.Two destructive/irreversible tasks — do them only after confirming nothing depends on the resources, and follow the runbook's confirmation protocol for prod/destructive operations.
1. Retire the unused EFS volumes
The deployed task definitions no longer mount EFS — instance config comes from env vars + Secrets Manager, and the fileManager example app's storage was moved to an ephemeral container path. The two EFS file systems that were previously mounted at
/toolboxon thetoolbox-devandtoolbox-prodtasks are now unused.volumes, or via the EFS console).2. Decommission the old shared RDS instance + its DNS
Toolbox dev+prod were migrated off the previous shared RDS instance onto the current one. The old instance still exists.
Toolbox AWS Opsitem (and its migration note) in theXH Team1Password vault, or are discoverable in the AWS console.