When you are done with a training session, run terraform destroy to terminate all instances, release Elastic IPs, and remove every AWS resource created by redStack. Leaving the lab running incurs charges 24/7.

Destroy the lab

1. Run terraform destroy

From inside the redStack/ directory:
terraform destroy

2. Confirm the operation

Terraform prints the full destroy plan and prompts for confirmation. Type yes and press Enter.
Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

3. Wait for completion

Terraform removes all resources in dependency order. Expected final output:
Destroy complete! Resources: 50+ destroyed.
This typically takes 3-5 minutes.
Do not close the terminal or interrupt terraform destroy mid-run. A partial destroy leaves orphaned resources that continue to incur charges and may cause terraform apply to fail on the next deployment.

Verify clean teardown

After terraform destroy completes, confirm in the AWS console that no billable resources remain. Open the EC2 Dashboard and check each section. Make sure the console region matches the region in terraform.tfvars — resources are invisible when viewing the wrong region.

EC2 → Instances

All redStack instances should show terminated status. AWS keeps terminated instance records for a short period before they disappear from the list. A running or stopped instance after destroy means something went wrong; investigate and manually terminate if needed.

Quick CLI check:
aws ec2 describe-instances \
  --filters "Name=tag:CostCenter,Values=redStack" \
  --query 'Reservations[].Instances[].{ID:InstanceId,State:State.Name}'
All entries should show "State": "terminated".

No redStack Elastic IPs should remain allocated. Two EIPs are created at deploy time (Guacamole and redirector). If either remains after destroy, it will accrue hourly charges indefinitely.

If an EIP remains, release it manually:
  1. EC2 → Network & Security → Elastic IPs
  2. Select the EIP → Actions → Release Elastic IP address
Both redStack VPCs should be removed:
  • Team server VPC (172.31.0.0/16 or your custom vpc_cidr)
  • Redirector VPC (10.60.0.0/16 or your custom redirector_vpc_cidr)
Stray VPCs do not incur charges on their own, but their presence may indicate that the destroy did not complete cleanly. Any dependent resources (subnets, route tables, security groups, VPC peering connections) should also be gone.

rs-rsa-key will still be listed after terraform destroy. The SSH key pair is created manually before deployment and is not managed by Terraform. It persists across deployments by design so you do not need to recreate it each time.

Delete it manually only if you are permanently done with redStack:
  1. EC2 → Network & Security → Key Pairs
  2. Select rs-rsa-key → Actions → Delete
Deleting the key pair from AWS does not delete the local .pem file. Keep the file if you plan to redeploy.
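
The instance, Elastic IP and VPC checks above can be run as one scripted audit. This is an added example, not part of redStack: it assumes the Elastic IPs and VPCs carry the same CostCenter=redStack tag that the instance check filters on, and the file name teardown_audit.sh, the --live switch and the us-east-1 fallback region are hypothetical.

```shell
#!/bin/sh
# Added example, not redStack code: post-destroy audit of a single region.
# Assumption: the Elastic IPs and VPCs carry the same CostCenter=redStack tag
# that the instance check on this page filters on. rs-rsa-key is not checked
# because it is created outside Terraform and is expected to remain.
REGION="${AWS_REGION:-us-east-1}"   # must match the region in terraform.tfvars
FILTER="Name=tag:CostCenter,Values=redStack"

# Print one tab-separated row per tagged resource.
# $1 = ec2 describe-* subcommand, $2 = JMESPath query yielding a list of rows
list_tagged() {
  aws ec2 "$1" --region "$REGION" --filters "$FILTER" --query "$2" --output text
}

# Returns 0 when nothing is left, 1 when leftovers exist, 2 when a query
# failed (an auth or network error must not be read as a clean teardown).
audit() {
  rc=0
  inst=$(list_tagged describe-instances \
    'Reservations[].Instances[].[InstanceId,State.Name]') || return 2
  eips=$(list_tagged describe-addresses \
    'Addresses[].[AllocationId,PublicIp]') || return 2
  vpcs=$(list_tagged describe-vpcs 'Vpcs[].[VpcId,CidrBlock]') || return 2

  # Terminated records linger for a while; only other states are a problem.
  live=$(printf '%s\n' "$inst" |
    awk -F'\t' 'NF >= 2 && $2 != "terminated" { print $1 " is " $2 }')

  if [ -n "$live" ]; then
    echo "Instances not terminated:"; echo "$live"; rc=1
  fi
  if [ -n "$eips" ]; then
    echo "Elastic IPs still allocated (billed hourly):"; echo "$eips"; rc=1
  fi
  if [ -n "$vpcs" ]; then
    echo "VPCs still present (destroy did not finish):"; echo "$vpcs"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then
    echo "No tagged redStack resources left in $REGION"
  fi
  return "$rc"
}

# Query AWS only when asked to: sh teardown_audit.sh --live
if [ "${1:-}" = "--live" ]; then
  audit
fi
```

An exit status of 2 means a query itself failed, so the result says nothing about whether the teardown was clean.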

Redeploying from scratch

To spin up a fresh lab after a clean destroy:

1. Verify the previous destroy completed cleanly

Check the EC2 Dashboard as described above. Do not redeploy on top of a partially destroyed environment — it will cause Terraform state conflicts.

2. Review terraform.tfvars

Your configuration file is preserved between deployments. Update any values you want to change (instance types, URI prefixes, VPN settings) before redeploying.

3. Reinitialize and apply

terraform init
terraform apply
Type yes when prompted.

4. Wait for cloud-init to complete

Wait 5-10 minutes after terraform apply finishes for all user data scripts to complete on each instance. Mythic takes the longest (Docker image pulls). Verify with terraform output deployment_info.
Credentials are regenerated on each deployment. After redeploying, run terraform output deployment_info to get the new passwords and IPs before accessing the lab.

Partial cleanup: stopping instances without destroying

If you want to pause the lab between sessions without destroying it, stop all instances from the EC2 Dashboard:
  1. EC2 → Instances → Instances
  2. Select all redStack instances
  3. Instance State → Stop
Restart when you are ready:
  1. Select the same instances
  2. Instance State → Start
  3. Wait 5-10 minutes for services to come back up
Stopping instances does not eliminate all charges. EBS storage volumes (~140 GB total) and Elastic IPs (2 allocated) continue to incur costs even when instances are stopped. See Cost Management for a full breakdown.
