Skip to main content

Manage Anyscale clouds on AWS

The creator or assigned owner of an Anyscale cloud can manage deployed cloud resources. The three main ways to modify an Anyscale cloud are deleting, editing, and setting default resources.

Delete an Anyscale Cloud

To delete an Anyscale Cloud, follow these steps to ensure a safe and complete removal of all associated resources. This process involves terminating instances and clusters, running the deletion command, and understanding the post-deletion implications.

Step 1: Terminate all active instances and clusters

For all clusters with running, pending, and error statuses, follow the instructions in the UI to stop the workload. Verify in your AWS Management Console that these cluster have no running instances.

Step 2: Delete the cloud

Delete the Anyscale cloud with the following command:

$ anyscale cloud delete --name ANYSCALE_CLOUD_NAME

Example command and output:

$ anyscale cloud delete --name example_cloud_name

Authenticating
Loaded Anyscale authentication token from ANYSCALE_CLI_TOKEN.

Output
If the cloud cld_prcjv8jc9tmbv3q54mc2h7dnl6 is deleted, you will not be able to access existing clusters of this cloud.
For more information, please refer to the documentation https://docs.anyscale.com/user-guide/onboard/clouds#cloud-deletion
Continue? [y/N]: y
(anyscale +6.8s)
Track progress of cloudformation at https://ap-southeast-1.console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/stackinfo?stackId=arn:aws:cloudformation:ap-southeast-1:123456:stack/cld-prcjv8jc32r89fniuf23/123456789
⠸ Deleting cloud resources through cloudformation...(anyscale +49.1s) Cloudformation stack arn:aws:cloudformation:ap-southeast-1:815664363732:stack/cld-prcjv8jc32r89fniuf23/123456789 is deleted.
(anyscale +49.1s)
The S3 bucket (anyscale-production-data-cld-prcjv8jc32r89fniuf23) associated with this cloud still exists.
If you no longer need the data associated with this bucket, please delete it.
(anyscale +49.4s) Deleted cloud with name example_cloud_name.
  • This operation is only supported if the cloud has no non-terminated clusters associated with it, that means there are no running nor pending instances.
    • If the cluster's status is running, terminate the cluster.
    • If the cluster has an error status, follow the instructions on the error. Also check your AWS console to ensure that there are no running instances of this cluster.

Post-deletion implications

  • After deleting an Anyscale cloud, you can no longer create clusters, workspaces, jobs, or services using this cloud.
  • Any clusters associated with the deleted cloud are no longer accessible.
  • If a service was deployed in this cloud, deleting the cloud also removes any Anyscale managed ALB resources and TLS certificates associated with it. In the event that the deletion of ALB resources fails, the cloud deletion process aborts until you properly clean up these resources. Once you resolve them, re-run cloud deletion to remove any remaining resources.
caution

When you delete an Anyscale cloud that you set up using anyscale cloud setup, Anyscale also removes all associated resources.

However, deleting a cloud created using anyscale cloud register doesn't automatically remove any AWS resources you created. To revoke Anyscale's access to these AWS resources, you should either delete the cross account access role or remove Anyscale from the trust policy.

You can revoke Anyscale's access to your AWS account by deleting the Anyscale IAM role in your account, which has the following format: anyscale-iam-role or anyscale-iam-role-<8 hex digits>.

Set a default Anyscale cloud

Anyscale launches clusters in the default Cloud if you don't specify one specified in the compute configs. You can set a default Anyscale Cloud with this command:

 anyscale cloud set-default ANYSCALE_CLOUD_NAME

Edit custom resources

For Anyscale Clouds deployed with anyscale cloud register, you can modify the EFS and S3 ID. Prior to editing, Anyscale performs a static verification of cloud resources. If errors occur during this validation, review, and resolve any issues. The editable resources are: AWS S3 ID, AWS EFS ID, AWS EFS mount target ID.

EFS

Specify both the EFS ID and location:

# Edit EFS ID.
$ anyscale cloud edit <cloud-name> --aws-efs-id=<your_new_aws_efs_id>

# Edit EFS mount target ID.
$ anyscale cloud edit <cloud-name> --aws-efs-mount-target-ip=<your_new_aws_efs_mount_target_id>

S3 ID

Use the following command to modify the S3 ID:

# Edit AWS S3 ID.
$ anyscale cloud edit <cloud-name> --aws-s3-id=<your_new_aws_s3_id>
🏁Verify an Anyscale cloud

To ensure that the edited Anyscale cloud meets the requirements, add the optional flag --functional-verify workspace,service to anyscale cloud edit to launch a test workspace and service.

🧹Clean up resources

Editing and replacing resources doesn't automatically delete unused entities. You must separately delete any unwanted resources.

Additional options

  • Use cloud-id as an alternative to cloud-name. For example:
$ anyscale cloud edit --cloud-id=<cloud_id> --aws-s3-id=<your_new_aws_s3_id>
  • Ensure the functionality of your edited cloud with functional verification. You can add the flag --functional-verify workspace or --functional-verify service in the command, to automatically launch a workspace or service from your cloud and verify your edited cloud is functional. For example:
$ anyscale cloud edit <cloud-name> --aws-s3-id=<your_new_aws_s3_id> --functional-verify workspace

Important notes

  • Before the edit, Anyscale executes a static cloud verification and requests for confirmation. Ensure you review any warnings or errors in the verification results.
  • The edit applies only to anyscale cloud register clouds, not anyscale cloud setup clouds.
  • If there are running workloads utilizing the old resources, you may want to retain them. Note that this edit doesn't automatically remove any old resources. If you wish to delete them, you need to handle it.

Update IAM role

For anyscale cloud setup clouds, you can use cloud update command keep your cross-account IAM role up to date. The cross account IAM role looks like anyscale-iam-role-<random chars>.

First make sure to run pip install -U anyscale to upgrade your Anyscale CLI to the latest version. Then update the cloud:

$ anyscale cloud update <cloud_name>

You can also update the cloud using cloud ID:

$ anyscale cloud update --id <cloud_id>

Anyscale maintains 3 inline policies: Anyscale_IAM_Policy_Steady_State, Anyscale_IAM_Policy_Service_Steady_State, Anyscale_IAM_Policy_Initial_Setup. Running cloud update will create or overwrite these policies.

caution

If you edit these policies before, you'll see drifts on your cross account IAM role. We will resolve the drifts by appending the drifted statements to an inline policy Customer_Drifts_Policy. If you remove some permissions or restrict the resources in the policy, you may want to reapply the changes manually after cloud update completes.