Infrastructure Teardown
Galleon provides one-click infrastructure teardown when you need to remove a deployed application's AWS resources. Because teardown destroys data permanently, it includes several safety controls.
Before you destroy
Teardown is irreversible. Before clicking destroy, confirm:
- You have backups of any data you want to keep. Galleon takes a final RDS snapshot by default (see below), but other data — S3 contents, in-memory caches, CloudWatch logs you haven't exported — is destroyed without backup.
- No DNS records still point to this application. If your Route 53 records or external DNS still resolve to the destroyed infrastructure, end users will see errors. Update or remove DNS before teardown if your domain is in active use.
- No other applications depend on this one. Shared resources (custom VPCs, peering connections) aren't typical for Galleon deployments, but if you've manually configured anything that reaches into this app's infrastructure, those connections will break.
How it works
- Navigate to your repository detail page in the Galleon UI.
- Click Destroy on the application you want to tear down.
- Confirm by typing the application name in the confirmation dialog. The dialog lists exactly what will be destroyed.
- Galleon triggers a destroy workflow via GitHub Actions, running in your repository with your AWS credentials.
- Terraform runs terraform destroy to remove all provisioned resources, taking a final RDS snapshot before database deletion (see safety controls below).
- Live destroy logs stream in the UI, just like deployment logs.
- On successful destruction, the application is marked as destroyed in Galleon and archived. Deployment history, failure analysis, and cost data remain accessible for 30 days, then are permanently deleted.
If destroy fails partway through, the application is left in a partially_destroyed state. The Galleon UI shows which resources remain and provides a retry option. You can also inspect remaining resources directly in your AWS console — they'll still carry the galleon-* naming prefix.
What gets removed
All AWS resources created by Galleon for that application:
- Compute — ECS services and tasks, Lambda functions
- Networking — Application Load Balancers, target groups, security groups, VPC components created by Galleon
- Storage — S3 buckets (with all contents), ECR repositories (with all images)
- CDN — CloudFront distributions
- Database — RDS instances (with a final snapshot taken first, by default)
- Cache — ElastiCache clusters (data lost on destruction; ElastiCache snapshots are not automatic)
- Monitoring — CloudWatch log groups
- IAM — Task execution roles, Lambda execution roles
Resources are identified by the galleon-* naming prefix and are scoped to the specific application being destroyed. Other Galleon applications in the same AWS account are not affected.
Safety controls
Typed confirmation. The destroy dialog requires you to type the application name to confirm. This is intentional friction — destroy is irreversible, and we'd rather slow you down by ten seconds than let an accidental click cost you a database.
Final RDS snapshot. When destroying an application with an attached RDS database, Galleon takes a final snapshot before deletion. The snapshot is named galleon-final-<app>-<timestamp> and remains in your AWS account until you delete it manually. You can restore it from the AWS console at any time.
You can disable the final snapshot in your application's deployment configuration if you don't want it (e.g., for ephemeral test environments). It's on by default for all Growth and Scale tier deployments.
S3 force-delete. S3 buckets created by Galleon are destroyed including their contents. This requires force_destroy = true in the Terraform configuration. If your bucket contains data you want to preserve, copy it elsewhere before destroying the application.
Soft-delete with recovery window. The application record in Galleon is archived for 30 days after destruction. You can view deployment history, failure analysis, and cost data during that window, but the application cannot be redeployed without re-running setup. After 30 days, the archived record is permanently deleted.
AWS connection persists. Teardown does not remove your Galleon AWS connection (the cross-account IAM role). The connection remains available for other applications in the same project. To fully disconnect your AWS account, see the section below.
Removing your AWS connection
To fully disconnect your AWS account from Galleon — for example, if you're closing your Galleon account or moving to a different AWS account — remove both the Galleon-side connection and the AWS-side IAM role.
- In Galleon, delete the AWS connection from the project settings page. This severs Galleon's ability to use the role.
- In AWS, delete the CloudFormation stack to remove the IAM role and policies:
aws cloudformation delete-stack --stack-name galleon-access-role
- Verify the stack is deleted:
aws cloudformation describe-stacks --stack-name galleon-access-role
The command should return an error indicating the stack does not exist. If it returns the stack with a DELETE_IN_PROGRESS status, wait and retry.
Once the stack is deleted, Galleon has no access to your AWS account. Any remaining infrastructure created by Galleon (e.g., from applications you didn't destroy first) remains in your account but is no longer manageable through Galleon. You can identify and remove those resources manually using the galleon-* naming prefix.
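The verification step above can be scripted so that only a genuine "does not exist" error counts as proof of removal. This is an added example, not Galleon's own tooling; the function names are hypothetical and DELETE_FAILED is a CloudFormation status the steps above do not mention. It assumes the AWS CLI is configured for the account and region where the stack was created, because a lookup in a different region also reports that the stack does not exist.

```bash
# Added example, not Galleon's code. Assumes AWS CLI credentials for the
# account and region that hold the galleon-access-role stack.

# Prints deleted | deleting | delete_failed | present | unknown.
# Returns 0 only for "deleted".
stack_removal_state() {
  local out rc
  out=$(aws cloudformation describe-stacks --stack-name "$1" \
        --query 'Stacks[0].StackStatus' --output text 2>&1) && rc=0 || rc=$?
  if [ "$rc" -ne 0 ]; then
    # Only a "does not exist" error proves removal. Expired credentials
    # or AccessDenied also make the call fail, and prove nothing.
    case "$out" in
      *"does not exist"*) echo deleted; return 0 ;;
      *)                  echo unknown; return 2 ;;
    esac
  fi
  case "$out" in
    DELETE_IN_PROGRESS) echo deleting;      return 1 ;;
    DELETE_FAILED)      echo delete_failed; return 3 ;;
    *)                  echo present;       return 4 ;;
  esac
}

# Poll (name, tries, delay seconds) until the stack is gone or needs attention.
wait_for_stack_removal() {
  local name tries delay state
  name="${1:-galleon-access-role}"; tries="${2:-20}"; delay="${3:-15}"
  while [ "$tries" -gt 0 ]; do
    state=$(stack_removal_state "$name") || true
    case "$state" in
      deleted)  echo "$name: deleted"; return 0 ;;
      deleting) sleep "$delay" ;;
      *)        echo "$name: $state, deletion not confirmed" >&2; return 1 ;;
    esac
    tries=$((tries - 1))
  done
  echo "$name: still DELETE_IN_PROGRESS, retry later" >&2
  return 1
}
```

Run `wait_for_stack_removal` after the delete-stack command; a non-zero exit means the cross-account role may still exist and should be checked in the CloudFormation console.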
Next steps
- AWS Setup — How the AWS connection is created
- Deployments — How the deployment pipeline works