From 6364eba055ff8678610ff2f4fbc9e58ce34df79e Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Thu, 19 Sep 2024 20:40:36 +0300 Subject: [PATCH 1/9] Cleanup all resources --- .github/aws-nuke.yaml | 134 +++++++++++++++++++++--------------------- 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index dfb1c33..1edab91 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml @@ -124,8 +124,8 @@ resource-types: - SNSTopic # don't nuke IAM users - excludes: - - IAMUser + # excludes: + # - IAMUser accounts: # testing account 
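Review bot: The comment `# don't nuke IAM users` is left in place above the now commented-out `excludes:` block in the first hunk, so the file states the opposite of what it does. Either delete all three lines or reword the comment, for example `# IAM users are no longer excluded; protect individual users with a filter`. Whether this hunk changes behaviour on its own depends on the `targets:` list, which lies outside the hunk; [PATCH 5/9] later adds `IAMUser` there. The `resource-types:` block starts outside the hunk.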
@@ -244,223 +244,223 @@ presets: CloudTrailTrail: - property: "Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" CloudWatchAlarm: - property: "Name" type: "regex" # Alarm names have a path component, so do not anchor to start of string - value: "cpco-.*" + value: "^.*$" CodeDeployApplication: - property: "Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" S3Bucket: - property: "Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" S3Object: - property: "Bucket" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2VPC: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2Volume: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2SecurityGroup: - property: "Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" - property: "tag:Name" type: "regex" - value: "^fargate-default$" + value: "^.*$" EC2Instance: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2NetworkInterface: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2InternetGateway: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2LaunchTemplate: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2NATGateway: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2InternetGatewayAttachment: - property: "tag:igw:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2Subnet: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2RouteTable: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2NetworkACL: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" AutoScalingGroup: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" ECSService: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" ECSCluster: - property: "tag:Name" type: "regex" - value: 
"^cpco-.*" + value: "^.*$" ECSTaskDefinition: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" + - property: "tag:Name" + type: "regex" + value: "^.*$" EKSCluster: - type: "regex" - value: "^cpco-.*" + value: "^.*$" EKSNodegroups: - type: "regex" - value: "^cpco-.*" + value: "^.*$" EKSFargateProfile: - type: "regex" - value: "^cpco-.*" + value: "^.*$" ELBLoadBalancer: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" ELBv2: - type: "regex" - value: "^cpco-.*" + value: "^.*$" - type: "regex" - value: "^atlantis$" + value: "^.*$" ELBv2TargetGroup: - type: "regex" - value: "^cpco-.*" + value: "^.*$" CloudformationStack: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" NeptuneCluster: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" NetpuneSnapshot: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" RDSInstance: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" RDSClusterSnapshot: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" RDSDBClusterParameterGroup: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" RDSOptionGroup: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" RDSDBParameterGroup: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" RDSDBSubnetGroup: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" IAMInstanceProfile: - type: "regex" - value: "^cpco-.*" + value: "^.*$" IAMInstanceProfileRole: - type: "regex" - value: "^cpco-.*" + value: "^.*$" IAMRole: - type: "regex" - value: "^cpco-.*" + value: "^.*$" - type: "regex" - value: "^atlantis" + value: "^.*$" IAMRolePolicy: - property: "role:RoleName" type: "regex" - value: "^cpco-.*" + value: "^.*$" IAMRolePolicyAttachment: - type: "regex" - value: "^cpco-.*" + value: "^.*$" - type: "regex" - value: "^atlantis.*" + value: "^.*$" IAMPolicy: - type: "regex" - value: 
"^arn:aws:iam::[0-9]+:policy/cpco-.*" + value: "^.*$" - type: "regex" - value: "^arn:aws:iam::[0-9]+:policy/service-role/cpco-.*" + value: "^.*$" - type: "regex" - value: "^arn:aws:iam::[0-9]+:policy/atlantis.*" + value: "^.*$" KMSAlias: - property: "Name" type: "regex" # KMSAlias does not have tags, and names start with "alais/" - value: "cpco-" + value: "^.*$" KMSKey: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" CloudWatchLogsLogGroup: - type: "regex" - value: "^/aws/eks/cpco-.*" + value: "^.*$" - type: "regex" - value: "^/aws/lambda/CIS.*" + value: "^.*$" EMRCluster: - type: "regex" - value: "^cpco-.*" + value: "^.*$" EC2KeyPair: - type: "regex" - value: "^cpco-.*" + value: "^.*$" IAMGroup: - type: "regex" - value: "^cpco-.*" + value: "^.*$" IAMGroupPolicyAttachment: - type: "regex" - value: "^cpco-.*" + value: "^.*$" IAMOpenIDConnectProvider: - property: "tag:Name" type: "regex" - value: "^cpco-.*" + value: "^.*$" Route53ResourceRecordSet: - property: "Name" type: "exact" - value: "testing.cloudposse.co." + value: "^.*$" - property: "Name" type: "exact" - value: "us-west-2-ecs.testing.cloudposse.co." + value: "^.*$" - property: "Name" type: "regex" - value: ".*atlantis.*" + value: "^.*$" Route53HostedZone: - property: "Name" type: "regex" - value: "^(?:us-west-2.)?(?:us-west-2-ecs.)?testing.cloudposse.co." + value: "^.*$" SSMParameter: - property: "Name" type: "regex" - value: "cpco-" + value: "^.*$" From 9b2127f142fe7ab8bb21822644c9e3a52b665e47 Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Thu, 19 Sep 2024 20:45:44 +0300 Subject: [PATCH 2/9] Update aws-nuke.yaml --- .github/aws-nuke.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index 1edab91..6452307 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml 
@@ -443,8 +443,8 @@ presets: - type: "regex" value: "^.*$" IAMOpenIDConnectProvider: - - property: "tag:Name" - type: "regex" + - property: "tag:Name" + type: "regex" value: "^.*$" Route53ResourceRecordSet: - property: "Name" @@ -461,6 +461,6 @@ presets: type: "regex" value: "^.*$" SSMParameter: - - property: "Name" - type: "regex" + - property: "Name" + type: "regex" value: "^.*$" From 4e4fadedcb0e18d9cf6d30852d16dc887e3fb356 Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Thu, 19 Sep 2024 20:38:39 +0200 Subject: [PATCH 3/9] Delete all resources --- .github/aws-nuke.yaml | 126 +++++++++++++++++++++--------------------- 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index 6452307..70c8fa4 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml 
@@ -244,223 +244,223 @@ presets: CloudTrailTrail: - property: "Name" type: "regex" - value: "^.*$" + value: ".*" CloudWatchAlarm: - property: "Name" type: "regex" # Alarm names have a path component, so do not anchor to start of string - value: "^.*$" + value: ".*" CodeDeployApplication: - property: "Name" type: "regex" - value: "^.*$" + value: ".*" S3Bucket: - property: "Name" type: "regex" - value: "^.*$" + value: ".*" S3Object: - property: "Bucket" type: "regex" - value: "^.*$" + value: ".*" EC2VPC: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EC2Volume: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EC2SecurityGroup: - property: "Name" type: "regex" - value: "^.*$" + value: ".*" - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EC2Instance: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EC2NetworkInterface: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EC2InternetGateway: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EC2LaunchTemplate: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EC2NATGateway: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EC2InternetGatewayAttachment: - property: "tag:igw:Name" type: "regex" - value: "^.*$" + value: ".*" EC2Subnet: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EC2RouteTable: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EC2NetworkACL: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" AutoScalingGroup: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" ECSService: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" ECSCluster: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" ECSTaskDefinition: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" EKSCluster: - type: "regex" - value: 
"^.*$" + value: ".*" EKSNodegroups: - type: "regex" - value: "^.*$" + value: ".*" EKSFargateProfile: - type: "regex" - value: "^.*$" + value: ".*" ELBLoadBalancer: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" ELBv2: - type: "regex" - value: "^.*$" + value: ".*" - type: "regex" - value: "^.*$" + value: ".*" ELBv2TargetGroup: - type: "regex" - value: "^.*$" + value: ".*" CloudformationStack: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" NeptuneCluster: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" NetpuneSnapshot: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" RDSInstance: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" RDSClusterSnapshot: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" RDSDBClusterParameterGroup: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" RDSOptionGroup: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" RDSDBParameterGroup: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" RDSDBSubnetGroup: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" IAMInstanceProfile: - type: "regex" - value: "^.*$" + value: ".*" IAMInstanceProfileRole: - type: "regex" - value: "^.*$" + value: ".*" IAMRole: - type: "regex" - value: "^.*$" + value: ".*" - type: "regex" - value: "^.*$" + value: ".*" IAMRolePolicy: - property: "role:RoleName" type: "regex" - value: "^.*$" + value: ".*" IAMRolePolicyAttachment: - type: "regex" - value: "^.*$" + value: ".*" - type: "regex" - value: "^.*$" + value: ".*" IAMPolicy: - type: "regex" - value: "^.*$" + value: ".*" - type: "regex" - value: "^.*$" + value: ".*" - type: "regex" - value: "^.*$" + value: ".*" KMSAlias: - property: "Name" type: "regex" # KMSAlias does not have tags, and names start with "alais/" - value: "^.*$" + value: ".*" KMSKey: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" CloudWatchLogsLogGroup: - type: 
"regex" - value: "^.*$" + value: ".*" - type: "regex" - value: "^.*$" + value: ".*" EMRCluster: - type: "regex" - value: "^.*$" + value: ".*" EC2KeyPair: - type: "regex" - value: "^.*$" + value: ".*" IAMGroup: - type: "regex" - value: "^.*$" + value: ".*" IAMGroupPolicyAttachment: - type: "regex" - value: "^.*$" + value: ".*" IAMOpenIDConnectProvider: - property: "tag:Name" type: "regex" - value: "^.*$" + value: ".*" Route53ResourceRecordSet: - property: "Name" type: "exact" - value: "^.*$" + value: ".*" - property: "Name" type: "exact" - value: "^.*$" + value: ".*" - property: "Name" type: "regex" - value: "^.*$" + value: ".*" Route53HostedZone: - property: "Name" type: "regex" - value: "^.*$" + value: ".*" SSMParameter: - property: "Name" type: "regex" - value: "^.*$" + value: ".*" From a08876006ff112bd5ce2c2fffbd9000ddf25080a Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Thu, 19 Sep 2024 20:45:48 +0200 Subject: [PATCH 4/9] Delete all resources --- .github/aws-nuke.yaml | 227 ------------------------------------------ 1 file changed, 227 deletions(-) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index 70c8fa4..fd5421a 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml @@ -132,7 +132,6 @@ accounts: 126450723953: presets: - defaults - - cpco presets: defaults: 
@@ -238,229 +237,3 @@ presets: - property: "tag:Name" type: "regex" value: "^$" - - cpco: - filters: - CloudTrailTrail: - - property: "Name" - type: "regex" - value: ".*" - CloudWatchAlarm: - - property: "Name" - type: "regex" - # Alarm names have a path component, so do not anchor to start of string - value: ".*" - CodeDeployApplication: - - property: "Name" - type: "regex" - value: ".*" - S3Bucket: - - property: "Name" - type: "regex" - value: ".*" - S3Object: - - property: "Bucket" - type: "regex" - value: ".*" - EC2VPC: - - property: "tag:Name" - type: "regex" - value: ".*" - EC2Volume: - - property: "tag:Name" - type: "regex" - value: ".*" - EC2SecurityGroup: - - property: "Name" - type: "regex" - value: ".*" - - property: "tag:Name" - type: "regex" - value: ".*" - EC2Instance: - - property: "tag:Name" - type: "regex" - value: ".*" - EC2NetworkInterface: - - property: "tag:Name" - type: "regex" - value: ".*" - - property: "tag:Name" - type: "regex" - value: ".*" - EC2InternetGateway: - - property: "tag:Name" - type: "regex" - value: ".*" - EC2LaunchTemplate: - - property: "tag:Name" - type: "regex" - value: ".*" - EC2NATGateway: - - property: "tag:Name" - type: "regex" - value: ".*" - EC2InternetGatewayAttachment: - - property: "tag:igw:Name" - type: "regex" - value: ".*" - EC2Subnet: - - property: "tag:Name" - type: "regex" - value: ".*" - EC2RouteTable: - - property: "tag:Name" - type: "regex" - value: ".*" - EC2NetworkACL: - - property: "tag:Name" - type: "regex" - value: ".*" - AutoScalingGroup: - - property: "tag:Name" - type: "regex" - value: ".*" - ECSService: - - property: "tag:Name" - type: "regex" - value: ".*" - ECSCluster: - - property: "tag:Name" - type: "regex" - value: ".*" - ECSTaskDefinition: - - property: "tag:Name" - type: "regex" - value: ".*" - EKSCluster: - - type: "regex" - value: ".*" - EKSNodegroups: - - type: "regex" - value: ".*" - EKSFargateProfile: - - type: "regex" - value: ".*" - ELBLoadBalancer: - - property: "tag:Name" - type: 
"regex" - value: ".*" - ELBv2: - - type: "regex" - value: ".*" - - type: "regex" - value: ".*" - ELBv2TargetGroup: - - type: "regex" - value: ".*" - CloudformationStack: - - property: "tag:Name" - type: "regex" - value: ".*" - NeptuneCluster: - - property: "tag:Name" - type: "regex" - value: ".*" - NetpuneSnapshot: - - property: "tag:Name" - type: "regex" - value: ".*" - RDSInstance: - - property: "tag:Name" - type: "regex" - value: ".*" - RDSClusterSnapshot: - - property: "tag:Name" - type: "regex" - value: ".*" - RDSDBClusterParameterGroup: - - property: "tag:Name" - type: "regex" - value: ".*" - RDSOptionGroup: - - property: "tag:Name" - type: "regex" - value: ".*" - RDSDBParameterGroup: - - property: "tag:Name" - type: "regex" - value: ".*" - RDSDBSubnetGroup: - - property: "tag:Name" - type: "regex" - value: ".*" - IAMInstanceProfile: - - type: "regex" - value: ".*" - IAMInstanceProfileRole: - - type: "regex" - value: ".*" - IAMRole: - - type: "regex" - value: ".*" - - type: "regex" - value: ".*" - IAMRolePolicy: - - property: "role:RoleName" - type: "regex" - value: ".*" - IAMRolePolicyAttachment: - - type: "regex" - value: ".*" - - type: "regex" - value: ".*" - IAMPolicy: - - type: "regex" - value: ".*" - - type: "regex" - value: ".*" - - type: "regex" - value: ".*" - KMSAlias: - - property: "Name" - type: "regex" - # KMSAlias does not have tags, and names start with "alais/" - value: ".*" - KMSKey: - - property: "tag:Name" - type: "regex" - value: ".*" - CloudWatchLogsLogGroup: - - type: "regex" - value: ".*" - - type: "regex" - value: ".*" - EMRCluster: - - type: "regex" - value: ".*" - EC2KeyPair: - - type: "regex" - value: ".*" - IAMGroup: - - type: "regex" - value: ".*" - IAMGroupPolicyAttachment: - - type: "regex" - value: ".*" - IAMOpenIDConnectProvider: - - property: "tag:Name" - type: "regex" - value: ".*" - Route53ResourceRecordSet: - - property: "Name" - type: "exact" - value: ".*" - - property: "Name" - type: "exact" - value: ".*" - - property: 
"Name" - type: "regex" - value: ".*" - Route53HostedZone: - - property: "Name" - type: "regex" - value: ".*" - SSMParameter: - - property: "Name" - type: "regex" - value: ".*" From e65bcf19233bac6e3318d9aec4b5731568f3f171 Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Thu, 19 Sep 2024 20:51:25 +0200 Subject: [PATCH 5/9] Delete all resources --- .github/aws-nuke.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index fd5421a..2f193b5 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml @@ -28,6 +28,7 @@ resource-types: # only nuke these resources targets: + - IAMUser - IAMRole - IAMRolePolicy - IAMRolePolicyAttachment From bcdff65d27e9ef546211f98601a6a07b2423febf Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Thu, 19 Sep 2024 20:53:30 +0200 Subject: [PATCH 6/9] Delete all resources --- .github/aws-nuke.yaml | 229 +----------------------------------------- 1 file changed, 1 insertion(+), 228 deletions(-) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index 2f193b5..8c0fa7b 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml 
@@ -8,233 +8,6 @@ regions: account-blocklist: - "999999999999" # production -resource-types: - # Added in aws-nuke 2.18.0 - cloud-control: - - AWS::AppFlow::ConnectorProfile - - AWS::AppFlow::Flow - - AWS::AppRunner::Service - - AWS::ApplicationInsights::Application - # - AWS::Backup::Framework - - AWS::MWAA::Environment - # - AWS::NetworkFirewall::Firewall - # - AWS::NetworkFirewall::FirewallPolicy - # - AWS::NetworkFirewall::RuleGroup - - AWS::Synthetics::Canary - - AWS::Timestream::Database - - AWS::Timestream::ScheduledQuery - - AWS::Timestream::Table - - AWS::Transfer::Workflow - - # only nuke these resources - targets: - - IAMUser - - IAMRole - - IAMRolePolicy - - IAMRolePolicyAttachment - - IAMPolicy - - IAMGroup - - IAMGroupPolicyAttachment - - IAMInstanceProfile - - IAMInstanceProfileRole - - IAMOpenIDConnectProvider - # Deleting S3 Objects individually takes too long. We are either going to - # delete the entire S3 bucket or nothing in it, so we skip S3Object - # - S3Object - - S3Bucket - # AWS::* added in aws-nuke 2.18.0 - - AWS::AppFlow::ConnectorProfile - - AWS::AppFlow::Flow - - AWS::AppRunner::Service - - AWS::ApplicationInsights::Application - # - AWS::Backup::Framework - - AWS::MWAA::Environment - # - AWS::NetworkFirewall::Firewall - # - AWS::NetworkFirewall::FirewallPolicy - # - AWS::NetworkFirewall::RuleGroup - - AWS::Synthetics::Canary - - AWS::Timestream::Database - - AWS::Timestream::ScheduledQuery - - AWS::Timestream::Table - - AWS::Transfer::Workflow - - AutoScalingGroup - - CodeDeployApplication - - CloudWatchAlarm - - CloudWatchLogsLogGroup - - CloudformationStack - - EC2Address - - EC2DHCPOption - - EC2Instance - - EC2InternetGateway - - EC2InternetGatewayAttachment - - EC2KeyPair - - EC2LaunchTemplate - - EC2NATGateway - - EC2NetworkACL - - EC2NetworkInterface - - EC2RouteTable - - EC2SecurityGroup - - EC2Subnet - - EC2VPC - - EC2Volume - - ECSCluster - - ECSService - - ECSTaskDefinition - - EKSCluster - - EKSFargateProfiles - - 
EKSNodegroups - - ElasticacheCacheParameterGroup - - ELBLoadBalancer - - ELBv2 - - ELBv2TargetGroup - - EMRCluster - - ESDomain - - ElasticBeanstalkApplication - - ElasticBeanstalkEnvironment - # Inspector2 added in aws-nuke v2.18.1 - - Inspector2 - - KMSAlias - - KMSKey - - LambdaEventSourceMapping - - LambdaFunction - - MQBroker - - MSKCluster - - MSKConfiguration - - NeptuneCluster - # Yes, it is misspelled in aws-nuke - - NetpuneSnapshot - - RDSDBCluster - - RDSDBClusterParameterGroup - - RDSDBParameterGroup - - RDSDBSubnetGroup - - RDSInstance - # RDSClusterSnapshot added in aws-nuke 2.19.0 - - RDSClusterSnapshot - - RDSOptionGroup - - RedshiftCluster - - RedshiftParameterGroup - # You cannot delete automated Redshift Snapshots, and trying to delete - # them causes aws-nuke to exit with failure. Since we are not taking - # manual snapshots, we do not need to worry about them, but if we did, - # we should create a filter that leaves the automated snapshots alone. - # - RedshiftSnapshot - - Route53HostedZone - - Route53ResourceRecordSet - - RedshiftSubnetGroup - - SSMParameter - - SNSTopic - - # don't nuke IAM users - # excludes: - # - IAMUser - accounts: # testing account - 126450723953: - presets: - - defaults - -presets: - defaults: - filters: - CloudTrailTrail: - - property: "Name" - type: "regex" - value: "^$" - CloudWatchAlarm: - - property: "Name" - type: "regex" - value: "^$" - ECSCluster: - - type: "regex" - value: ".*cluster/fargate" - ECSService: - - type: "regex" - value: ".*service/atlantis" - EC2InternetGateway: - - property: "tag:Name" - type: "regex" - value: "^$" - EC2InternetGatewayAttachment: - - property: "tag:igw:Name" - type: "regex" - value: "^$" - EC2RouteTable: - - property: "tag:Name" - type: "regex" - value: "^$" - EC2Subnet: - - property: "DefaultForAz" - value: "true" - EC2VPC: - - property: "IsDefault" - value: "true" - EC2DHCPOption: - - property: "tag:Name" - type: "regex" - value: "^$" - IAMRole: - - 
"OrganizationAccountAccessRole" - IAMRolePolicy: - - property: "role:RoleName" - type: "regex" - value: "^OrganizationAccountAccessRole$" - EC2SecurityGroup: - - property: "Name" - type: "regex" - value: "^fargate-default$" - EC2NetworkInterface: - # Lambda's do not set the `tag:Name` and the `Description` is not available for filtering - # Description: AWS Lambda VPC ENI-eg-test-app-elasticsearch-cleanup-e45baaef-7c14-4926-b21c-04c6b77f9 - # Instead, we'll delete all EC2NetworkInterface that have `Status` of `available`. - # - property: "tag:Name" - # type: "regex" - # value: "^$" - - property: "Status" - type: "regex" - value: "^(attaching|attached|detaching|detached)$" - - EC2Volume: - - property: "tag:Name" - type: "regex" - value: "^$" - KMSKey: - - property: "tag:Name" - type: "regex" - value: "^$" - CloudformationStack: - - property: "tag:Name" - type: "regex" - value: "^$" - NeptuneCluster: - - property: "tag:Name" - type: "regex" - value: "^$" - NetpuneSnapshot: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSInstance: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSClusterSnapshot: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSOptionGroup: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSDBParameterGroup: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSDBClusterParameterGroup: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSDBSubnetGroup: - - property: "tag:Name" - type: "regex" - value: "^$" + 126450723953: {} From 864db724dc6fba890e2ffa06dbfbd81fffcd9ea9 Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Thu, 19 Sep 2024 20:56:45 +0200 Subject: [PATCH 7/9] Delete all resources --- .github/aws-nuke.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index 8c0fa7b..a8eca53 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml 
@@ -3,7 +3,7 @@ regions: #- us-east-1 - us-east-2 #- us-west-1 - #- us-west-2 + - us-west-2 account-blocklist: - "999999999999" # production From d7ffed561d21f7110e23302acb53ac2f36144088 Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Thu, 19 Sep 2024 21:01:22 +0200 Subject: [PATCH 8/9] Delete all resources --- .github/aws-nuke.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index a8eca53..04173a6 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml @@ -1,8 +1,8 @@ regions: - global - #- us-east-1 + - us-east-1 - us-east-2 - #- us-west-1 + - us-west-1 - us-west-2 account-blocklist: From 19e5e785cd4365bb86ecf619f00302aaf925fd2e Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Thu, 19 Sep 2024 21:28:21 +0200 Subject: [PATCH 9/9] Delete all resources --- .github/aws-nuke.yaml | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index 04173a6..cc6a2e0 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml @@ -1,9 +1,36 @@ regions: - global - - us-east-1 - us-east-2 + - us-east-1 - us-west-1 - us-west-2 + - af-south-1 + - ap-east-1 + - ap-south-2 + - ap-southeast-3 + - ap-southeast-4 + - ap-south-1 + - ap-northeast-3 + - ap-northeast-2 + - ap-southeast-1 + - ap-southeast-2 + - ap-northeast-1 + - ca-central-1 + - ca-west-1 + - eu-central-1 + - eu-west-1 + - eu-west-2 + - eu-south-1 + - eu-west-3 + - eu-south-2 + - eu-north-1 + - eu-central-2 + - il-central-1 + - me-south-1 + - me-central-1 + - sa-east-1 + - us-gov-east-1 + - us-gov-west-1 account-blocklist: - "999999999999" # production
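Review bot: `us-gov-east-1` and `us-gov-west-1` in the [PATCH 9/9] region list belong to the AWS GovCloud partition, which credentials for a standard-partition account cannot reach, so those two entries will probably only produce errors. Several of the other additions (`af-south-1`, `ap-east-1`, `eu-south-1`, `me-south-1`, `il-central-1` and others) are opt-in regions and fail authentication unless the account has enabled them. I would drop the two `us-gov-*` lines and list only the regions that are enabled for account 126450723953. The swap of `us-east-1` and `us-east-2` adds noise to the diff without changing the result.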