Removing Cloud Permissions Firewall


© 2025 Sonrai Security. All rights reserved.
Overview
Removing Cloud Permissions Firewall for your cloud organization takes two steps:
- Reset Your Cloud Permissions Firewall - undo any applied policy changes
- Delete collector stacks in AWS CloudFormation - stop Sonrai monitoring in your cloud organization
If you have multiple AWS Organizations onboarded, you will need to complete these instructions for each organization.
Reset Your Cloud Permissions Firewall
Reset your Cloud Permissions Firewall to undo all applied policy changes in your cloud environment.
- In the Cloud Permissions Firewall app, ensure that you have the correct organization selected.

- To remove the protections you have deployed to one of your organizations, open the menu while viewing Firewall Services for that organization, and click the Remove Permissions Firewall from the Org <your organization> option.

- Confirm that you want to proceed by typing undo in the text field and clicking . This triggers the removal of all elements from Cloud Permissions Firewall in your cloud, reverting it to its original pre-firewall state.

At this point, Cloud Permissions Firewall will show a status dialog when your environment has returned to its original state. Click when the process is finished.
Any control and policy changes that were rolled back are now available as Pending Changes that you can then review, remove, or redeploy later as desired.



Delete your Sonrai Collector Stack in CloudFormation
- With your Organization Management account, open CloudFormation in the AWS console.
- Find and delete the Sonrai collector stack that was created during account onboarding.

Removing this stack should automatically remove associated StackSets and nested stacks.
Troubleshooting: StackSet is Not Empty
My AWS clean-up fails with a "StackSet is not empty" error... What is happening?
If an AWS account is suspended, CloudFormation will not delete the related stacks in the StackSet, which leads to an error when you try to remove the Sonrai collector stack:
Resource handler returned message: "StackSet is not empty (Service: CloudFormation, Status Code: 409, Request ID: 429635a0-b460-417b-aae8-5c17db432d65)" (RequestToken: d0a897c8-02d6-39e5-610c-afef318120d8, HandlerErrorCode: GeneralServiceException)
Confirm this in the AWS CloudFormation console. View your StackSets and click on the name of your Cloud Permissions Firewall StackSet to see detailed information. Check Stack instances, and look for any stacks that show a SKIPPED_SUSPENDED_ACCOUNT status.

How do I resolve this error and finish removing Cloud Permissions Firewall?
Remove the problematic StackSets manually, before going back to delete the main Stack.
- While viewing the StackSet details, select Delete stacks from StackSet from the Actions dropdown.

- Specify the following deployment options:
  - AWS OU ID: Your Organization Unit ID
  - Specify Regions: Add all regions
  - Maximum concurrent accounts: Percentage 100
  - Failure tolerance: Percentage 100
  - Retain stacks: Enabled
  - Region concurrency: Parallel

- Click Next, and then Submit to remove the remaining StackSet Stack instances.
- Once no StackSet Stack instances remain, delete the main Stack (which had previously failed deletion) again.
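
The same clean-up expressed against the CloudFormation API, as an added example (not Sonrai's code): it picks the SKIPPED_SUSPENDED_ACCOUNT instances out of ListStackInstances output and builds the delete_stack_instances arguments that match the console options above. The StackSet name, OU ID and sample records are constructed placeholders. Because Retain stacks is enabled, the stacks themselves stay in the member accounts, so the script also lists them for follow-up.

```python
import json

SUSPENDED = "SKIPPED_SUSPENDED_ACCOUNT"

def detailed_status(summary):
    # DetailedStatus is nested under StackInstanceStatus in ListStackInstances output
    return summary.get("StackInstanceStatus", {}).get("DetailedStatus", "UNKNOWN")

def suspended_instances(summaries):
    """(account, region) pairs that keep the StackSet from being emptied."""
    return sorted((s["Account"], s["Region"]) for s in summaries
                  if detailed_status(s) == SUSPENDED)

def build_delete_request(stack_set_name, ou_id, summaries):
    """Keyword arguments for delete_stack_instances, mirroring the console options."""
    return {
        "StackSetName": stack_set_name,
        "DeploymentTargets": {"OrganizationalUnitIds": [ou_id]},
        # Assumption: list only the regions that still hold a stack instance
        "Regions": sorted({s["Region"] for s in summaries}),
        "OperationPreferences": {
            "RegionConcurrencyType": "PARALLEL",
            "MaxConcurrentPercentage": 100,
            "FailureTolerancePercentage": 100,
        },
        "RetainStacks": True,  # instances leave the StackSet, stacks are not deleted
    }

def retained_stack_ids(summaries):
    """Stacks that remain in member accounts afterwards and need a later review."""
    return sorted(s["StackId"] for s in summaries if s.get("StackId"))

def fetch_summaries(stack_set_name):
    """Live lookup; needs boto3 and Organization Management account credentials."""
    import boto3
    paginator = boto3.client("cloudformation").get_paginator("list_stack_instances")
    return [s for page in paginator.paginate(StackSetName=stack_set_name)
            for s in page["Summaries"]]

def _row(account, region, status):
    # Constructed record in the shape ListStackInstances returns (placeholder IDs)
    return {"Account": account, "Region": region,
            "StackId": f"arn:aws:cloudformation:{region}:{account}:stack/example/0",
            "StackInstanceStatus": {"DetailedStatus": status}}

SAMPLE = [_row("111111111111", "us-east-1", SUSPENDED),
          _row("111111111111", "eu-west-1", SUSPENDED),
          _row("222222222222", "us-east-1", "SUCCEEDED")]

if __name__ == "__main__":
    print("blocking:", suspended_instances(SAMPLE))
    print(json.dumps(build_delete_request("example-stackset", "ou-abcd-11112222", SAMPLE), indent=2))
```

Against a live organization, pass `fetch_summaries(name)` in place of `SAMPLE` and hand the resulting dictionary to `delete_stack_instances(**request)` on a CloudFormation client.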