So you’re working on a development account, and Terraform is stuck in a cycle, not allowing you to easily destroy the remaining resources? Enter the world of nuke CLIs!
cloud-nuke
At the time of writing, I used version v0.1.16
From Gruntwork, written in Go, will not destroy as many objects as aws-nuke; has been around since May 2017
If you’re using ~/.aws/credentials, choose (wisely!) the account alias (myenv-dev in my case) in there and then:

    AWS_PROFILE=myenv-dev ~/Downloads/cloud-nuke_darwin_amd64 aws
But actually, you’ll probably want to narrow the scope down to a single region; so you’d have to specify it in the command line:

    AWS_PROFILE=myenv-dev ~/Downloads/cloud-nuke_darwin_amd64 aws --region=eu-west-1
If you call it with the list argument, aws --list-resource-types, you’ll get a list of what resources are supported for deletion:

    ami asg ebs ec2 ecsserv eip ekscluster elb elbv2 lc rds snap
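A guard for the "choose (wisely!)" step above, as an added example that is not part of the original post or of cloud-nuke: it asks `aws sts get-caller-identity` which account the current profile really resolves to and only then runs the page's command. It assumes the AWS CLI is installed; the function names and the `CLOUD_NUKE_BIN` variable are hypothetical.

```shell
#!/usr/bin/env bash
# Pre-flight guard for cloud-nuke (added example, hypothetical names):
# refuse to run unless the credentials behind AWS_PROFILE belong to the
# account ID the operator expects.

# Print the account ID behind the current credentials (needs the AWS CLI).
resolve_account() {
  aws sts get-caller-identity --query Account --output text
}

# preflight EXPECTED_ID [DENIED_ID...]
# 0 = safe to continue, 1 = wrong account, 2 = bad argument,
# 3 = identity lookup failed, 4 = account is on the deny list.
preflight() {
  local expected="$1"; shift
  local actual denied
  case "$expected" in
    ''|*[!0-9]*) echo "expected account must be a 12-digit ID" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 12 ] || { echo "expected account must be a 12-digit ID" >&2; return 2; }
  actual="$(resolve_account)" || { echo "cannot resolve caller identity" >&2; return 3; }
  # The deny list wins even if someone passes a production ID as "expected".
  for denied in "$@"; do
    if [ "$actual" = "$denied" ]; then
      echo "account $actual is on the deny list, refusing" >&2; return 4
    fi
  done
  if [ "$actual" != "$expected" ]; then
    echo "profile '${AWS_PROFILE:-default}' is account $actual, expected $expected" >&2
    return 1
  fi
}

# nuke_guarded EXPECTED_ID REGION [DENIED_ID...]
# Runs the cloud-nuke command from this page only after preflight passes.
nuke_guarded() {
  local expected="$1" region="$2"; shift 2
  preflight "$expected" "$@" || return
  "${CLOUD_NUKE_BIN:-$HOME/Downloads/cloud-nuke_darwin_amd64}" aws --region="$region"
}
```

Source the file, then call for example `AWS_PROFILE=myenv-dev nuke_guarded 999888777666 eu-west-1 111222333444`, where the first ID is the development account and the trailing IDs are accounts that must never be touched.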
aws-nuke
At the time of writing, I used version v2.14.0
From rebuy.de, written in Ruby, will destroy many objects, if not all, supports filters, requires a config file; has been around since June 2016.
You’ll need to provide a config file; a minimal one can be something like this nuke.yml file:

    regions:
    - eu-west-1
    - global # for resources not bound to a specific region, such as Route53 zones for example

    account-blacklist:
    - "111222333444" # production

    accounts:
      "999888777666": {} # aws-nuke-example
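The filters mentioned above go under the account entry. The config below is an added example, not taken from the original post: it extends the minimal file so that the IAM user running aws-nuke, its access keys and policy attachments, and the account's CloudTrail trail are left alone. The names `ci-deployer` and `org-audit-trail` are constructed placeholders.

```yaml
regions:
- eu-west-1
- global

account-blacklist:
- "111222333444" # production

accounts:
  "999888777666":
    filters:
      # Keep the identity aws-nuke runs as, or the run cuts off its own access.
      IAMUser:
      - "ci-deployer"                 # constructed name
      IAMUserAccessKey:
      - type: glob
        value: "ci-deployer -> *"
      IAMUserPolicyAttachment:
      - type: glob
        value: "ci-deployer -> *"
      # Keep the audit trail so the deletions themselves stay logged.
      CloudTrailTrail:
      - "org-audit-trail"             # constructed name
```

aws-nuke only reports what it would do unless it is started with `--no-dry-run`, so run it once without that flag and check that the protected resources show up as filtered by the config rather than marked for removal.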
If you’re using ~/.aws/credentials, choose (wisely!) the account alias (myenv-dev in my case) in there and then:

    AWS_PROFILE=myenv-dev ~/Downloads/aws-nuke-v2.14.0-darwin-amd64 --config nuke.yml
If you call it with the list argument, resource-types, you’ll get a list of what resources are supported for deletion:
ACMCertificate ACMPCACertificateAuthority ACMPCACertificateAuthorityState APIGatewayAPIKey APIGatewayClientCertificate APIGatewayDomainName APIGatewayRestAPI APIGatewayUsagePlan APIGatewayVpcLink AWSBackupPlan AWSBackupRecoveryPoint AWSBackupSelection AWSBackupVault AppStreamDirectoryConfig AppStreamFleet AppStreamFleetState AppStreamImage AppStreamImageBuilder AppStreamImageBuilderWaiter AppStreamStack AppStreamStackFleetAttachment AutoScalingGroup AutoScalingPlansScalingPlan BatchComputeEnvironment BatchComputeEnvironmentState BatchJobQueue BatchJobQueueState Cloud9Environment CloudDirectoryDirectory CloudDirectorySchema CloudFormationStack CloudFrontDistribution CloudFrontDistributionDeployment CloudHSMV2Cluster CloudHSMV2ClusterHSM CloudSearchDomain CloudTrailTrail CloudWatchAlarm CloudWatchDashboard CloudWatchEventsRule CloudWatchEventsTarget CloudWatchLogsDestination CloudWatchLogsLogGroup CodeBuildProject CodeCommitRepository CodeDeployApplication CodePipelinePipeline CodeStarProject CognitoIdentityPool CognitoUserPool CognitoUserPoolDomain ConfigServiceConfigRule ConfigServiceConfigurationRecorder ConfigServiceDeliveryChannel DAXCluster DAXParameterGroup DAXSubnetGroup DataPipelinePipeline DatabaseMigrationServiceCertificate DatabaseMigrationServiceEndpoint DatabaseMigrationServiceEventSubscription DatabaseMigrationServiceReplicationInstance DatabaseMigrationServiceReplicationTask DatabaseMigrationServiceSubnetGroup DeviceFarmProject DirectoryServiceDirectory DynamoDBTable DynamoDBTableItem EC2Address EC2ClientVpnEndpoint EC2ClientVpnEndpointAttachment EC2CustomerGateway EC2DHCPOption EC2Image EC2Instance EC2InternetGateway EC2InternetGatewayAttachment EC2KeyPair EC2LaunchTemplate EC2NATGateway EC2NetworkACL EC2NetworkInterface EC2PlacementGroup EC2RouteTable EC2SecurityGroup EC2Snapshot EC2SpotFleetRequest EC2Subnet EC2TGW EC2TGWAttachment EC2VPC EC2VPCEndpoint EC2VPCEndpointServiceConfiguration EC2VPCPeeringConnection EC2VPNConnection EC2VPNGateway 
EC2VPNGatewayAttachment EC2Volume ECRRepository ECSCluster ECSClusterInstance ECSService ECSTaskDefinition EFSFileSystem EFSMountTarget EKSCluster ELB ELBv2 ELBv2TargetGroup EMRCluster EMRSecurityConfiguration ESDomain ElasticBeanstalkApplication ElasticBeanstalkEnvironment ElasticTranscoderPipeline ElasticacheCacheCluster ElasticacheReplicationGroup ElasticacheSubnetGroup FSxBackup FSxFileSystem FirehoseDeliveryStream GlueClassifier GlueConnection GlueCrawler GlueDatabase GlueDevEndpoint GlueJob GlueTrigger IAMGroup IAMGroupPolicy IAMGroupPolicyAttachment IAMInstanceProfile IAMInstanceProfileRole IAMLoginProfile IAMOpenIDConnectProvider IAMPolicy IAMRole IAMRolePolicy IAMRolePolicyAttachment IAMSAMLProvider IAMServerCertificate IAMServiceSpecificCredential IAMUser IAMUserAccessKey IAMUserGroupAttachment IAMUserPolicy IAMUserPolicyAttachment IAMVirtualMFADevice IoTAuthorizer IoTCACertificate IoTCertificate IoTJob IoTOTAUpdate IoTPolicy IoTRoleAlias IoTStream IoTThing IoTThingGroup IoTThingType IoTThingTypeState IoTTopicRule KMSAlias KMSKey KinesisAnalyticsApplication KinesisStream KinesisVideoProject LambdaEventSourceMapping LambdaFunction LaunchConfiguration LifecycleHook LightsailDisk LightsailDomain LightsailInstance LightsailKeyPair LightsailLoadBalancer LightsailStaticIP MQBroker MSKCluster MachineLearningBranchPrediction MachineLearningDataSource MachineLearningEvaluation MachineLearningMLModel MediaConvertJobTemplate MediaConvertPreset MediaConvertQueue MediaLiveChannel MediaLiveInput MediaLiveInputSecurityGroup MediaPackageChannel MediaPackageOriginEndpoint MediaStoreContainer MediaStoreDataItems MediaTailorConfiguration MobileProject NeptuneCluster NeptuneInstance NetpuneSnapshot OpsWorksApp OpsWorksCMBackup OpsWorksCMServer OpsWorksCMServerState OpsWorksInstance OpsWorksLayer OpsWorksUserProfile RDSDBCluster RDSDBClusterParameterGroup RDSDBParameterGroup RDSDBSubnetGroup RDSInstance RDSSnapshot RedshiftCluster RedshiftParameterGroup RedshiftSnapshot 
RedshiftSubnetGroup RekognitionCollection ResourceGroupGroup RoboMakerDeploymentJob RoboMakerFleet RoboMakerRobot RoboMakerRobotApplication RoboMakerSimulationApplication RoboMakerSimulationJob Route53HostedZone Route53ResourceRecordSet S3Bucket S3MultipartUpload S3Object SESConfigurationSet SESIdentity SESReceiptFilter SESReceiptRuleSet SESTemplate SFNStateMachine SNSEndpoint SNSPlatformApplication SNSSubscription SNSTopic SQSQueue SSMActivation SSMAssociation SSMDocument SSMMaintenanceWindow SSMParameter SSMPatchBaseline SSMResourceDataSync SageMakerEndpoint SageMakerEndpointConfig SageMakerModel SageMakerNotebookInstance SageMakerNotebookInstanceState SecretsManagerSecret ServiceCatalogConstraintPortfolioAttachment ServiceCatalogPortfolio ServiceCatalogPortfolioProductAttachment ServiceCatalogPortfolioShareAttachment ServiceCatalogPrincipalPortfolioAttachment ServiceCatalogProduct ServiceCatalogProvisionedProduct ServiceCatalogTagOption ServiceCatalogTagOptionPortfolioAttachment ServiceDiscoveryInstance ServiceDiscoveryNamespace ServiceDiscoveryService SimpleDBDomain StorageGatewayFileShare StorageGatewayGateway StorageGatewayTape StorageGatewayVolume WAFRegionalByteMatchSet WAFRegionalByteMatchSetIP WAFRegionalIPSet WAFRegionalIPSetIP WAFRegionalRateBasedRule WAFRegionalRateBasedRulePredicate WAFRegionalRegexMatchSet WAFRegionalRegexMatchTuple WAFRegionalRegexPatternSet WAFRegionalRegexPatternString WAFRegionalRule WAFRegionalRulePredicate WAFRegionalWebACL WAFRegionalWebACLRuleAttachment WAFRule WAFWebACL WAFWebACLRuleAttachment WorkLinkFleet WorkSpacesWorkspace
Conclusion
Well, if you need to delete everything and be able to filter some resources out, then I guess aws-nuke is the way to go!