java-on-aws/apps/java-spring-ai-agents/scripts/14-mcp-policy-cleanup.sh at 04cdcc8eddf516f1ea33ce647947274d102f3f69 · aws-samples/java-on-aws · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#!/bin/bash
# Cleanup Cedar policies from MCP Gateway
set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

if [ -f "$SCRIPT_DIR/.env" ]; then
    source "$SCRIPT_DIR/.env"
fi

echo "Cleaning up policies from engine: ${MCP_POLICY_ENGINE_ID}"
echo ""

POLICIES=$(aws bedrock-agentcore-control list-policies \
    --policy-engine-id "${MCP_POLICY_ENGINE_ID}" \
    --query 'policies[].policyId' --output text 2>/dev/null || true)

if [ -z "$POLICIES" ]; then
    echo "No policies found."
    exit 0
fi

for PID in $POLICIES; do
    echo "Deleting: $PID"
    aws bedrock-agentcore-control delete-policy \
        --policy-engine-id "${MCP_POLICY_ENGINE_ID}" \
        --policy-id "$PID" > /dev/null

    echo "  Waiting for deletion..."
    while true; do
        STATUS=$(aws bedrock-agentcore-control get-policy \
            --policy-engine-id "${MCP_POLICY_ENGINE_ID}" \
            --policy-id "$PID" \
            --query 'status' --output text 2>/dev/null || echo "DELETED")

        if [ "$STATUS" = "DELETED" ] || [ -z "$STATUS" ]; then
            echo "  ✅ Deleted"
            break
        fi
        echo "  Status: $STATUS"
        sleep 2
    done
done

echo ""
echo "✅ All policies cleaned up!"