Remove Cloud App Analyzer Resources

If you decide to stop using Cloud App Analyzer, you'll need to delete the resources it created during the onboarding process for GCP, Azure, and AWS. This topic provides instructions on specific resources that you will need to delete.

Remove GCP Resources

When you onboard a GCP project, folder, or organization with Cloud App Analyzer, several resources are created within each project. If you decide to stop using Cloud App Analyzer, you will need to delete these resources.

Resource Naming Pattern

Each resource name follows the pattern: prevasio-<hash>-<resource_name>, where:

  • <hash>: 5 random letters or digits
  • <resource_name>: Current resource name

List of Resources

  • Pub/Sub Subscriptions
    • prevasio-<hash>-event-subscription
    • prevasio-<hash>-image-attestation-creator-subscription
  • Pub/Sub Topics
    • prevasio-<hash>-images-to-sign
  • Cloud Scheduler
    • prevasio-<hash>-cloud-run-scanner-scheduler
  • Cloud Functions
    • prevasio-<hash>-cloud-run-scanner
    • prevasio-<hash>-image-attestation-creator
    • prevasio-<hash>-events-forwarder
  • Secret Manager
    • prevasio-<hash>-auth-token
    • prevasio-<hash>-url
    • prevasio-<hash>-api-key
    • prevasio-<hash>-org-id
  • Binary Authorization
    • prevasio-<hash>-attestor

    Note: Before deleting the attestor, update the Binary Authorization policy to remove the attestor from the list and set the mode to "Allow all" if it was the only attestor.

  • Key Management
    • prevasio-attestor-keyring
  • Service Accounts
    • prevasio-cspm-<hash>

Remove Azure Resources

When you onboard an Azure organization or subscription with Cloud App Analyzer, resources are created within a specific resource group. If you decide to stop using Cloud App Analyzer, you need to delete this resource group.

Resource Group

All resources are created in the prevasio-<hash>-resource-group resource group, where <hash> is 5 random letters or digits.

Remove AWS Resources

During the onboarding of an AWS account, a CloudFormation stack is created. To delete all resources created by Cloud App Analyzer, simply delete this CloudFormation stack.

CloudFormation Stack

The stack name is specified during onboarding (default value: Prevasio-CSPM-Stack).