You can remove CloudShell Colony's permission to access your Azure account at any time. This is done by deleting your Azure account from CloudShell Colony as well as several Azure resources that were created for that account.
NOTE: The option to manage cloud accounts is available to Colony Administrators only.
To delete your Azure cloud account from CloudShell Colony:
- Remove the cloud account from CloudShell Colony:
- In CloudShell Colony, access the Administration area.
- Open the Cloud Accounts page.
- On the required cloud account's row, click the Actions menu () and select Delete.
- Confirm the action.
The account is removed from CloudShell Colony.
- Delete the Active Directory application:
- Login to Azure Portal using your Admin credentials.
- Open the Azure Active Directory blade.
- From the menu, select App registrations.
- Find the COLONY-[random id] application. If you can’t find this application click View all applications and search again.
- Select the application and click Delete.
CloudShell Colony is blocked from accessing your Azure account.
- Delete the storage account:
- From the menu, select Resource Groups.
- Find the colony[random id] group. This resource group consists of the storage account used by CloudShell Colony.
- Open the resource group.
- In the resource group menu, select Locks and delete any available lock (locks are there to prevent accidental deletion of this resource group).
- Click Delete resource group.
CloudShell Colony's management layer is removed.
- Deleting the cloud account and Active Directory application does not remove the role assignments given to the application and managed identity. Therefore, make sure to delete these as well:
- Open the Subscriptions blade.
- Click the subscription's name.
- From the menu, select Access Control (IAM).
- Click Role assignments.
- Remove any "Identity deleted" role assignments by selecting the assignments and clicking Remove.