diff --git a/docs/index.md b/docs/index.md index a3d108b0..ef7f01a7 100644 --- a/docs/index.md +++ b/docs/index.md @@ -9,7 +9,7 @@ resources and create a Pull Request or to create an [Issue](https://github.com/e This is not a comprehensive list, but here are some of the highlights: -* New Feature: [Global Filters](features/global-filters.md +* New Feature: [Global Filters](features/global-filters.md) * New Feature: [Run Against All Enabled Regions](features/enabled-regions.md) * New Feature: [Bypass Alias Check - Allow the skip of an alias on an account](features/bypass-alias-check.md) * Upcoming Feature: Filter Groups (**in progress**) diff --git a/docs/installation.md b/docs/installation.md index f3ee060f..6b8933bb 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -5,10 +5,10 @@ ### Homebrew Tap (MacOS/Linux) ```console -brew install ekristen/tap/aws-nuke +brew install ekristen/tap/aws-nuke@3 ``` -!!! note +!!! warning "Brew Warning" `brew install aws-nuke` will install the rebuy-aws version of aws-nuke, which is not the same as this version. ## Releases @@ -20,15 +20,14 @@ You can download pre-compiled binaries from the [releases](https://github.com/ek Registries: - [ghcr.io/ekristen/aws-nuke](https://github.com/ekristen/aws-nuke/pkgs/container/aws-nuke) -- [docker.io/ekristen/aws-nuke](https://hub.docker.com/r/ekristen/aws-nuke) -You can run *aws-nuke* with Docker by using a command like this: +You can run **aws-nuke** with Docker by using a command like this: ## Source -To compile *aws-nuke* from source you need a working [Golang](https://golang.org/doc/install) development environment and [goreleaser](https://goreleaser.com/install/). +To compile **aws-nuke** from source you need a working [Golang](https://golang.org/doc/install) development environment and [goreleaser](https://goreleaser.com/install/). -*aws-nuke* uses go modules and so the clone path should no matter. Then simply change directory into the clone and run: +**aws-nuke** uses go modules and so the clone path should not matter. Then simply change directory into the clone and run: ```bash goreleaser --clean --snapshot --single-target diff --git a/docs/warning.md b/docs/warning.md index be809df6..4ea68d22 100644 --- a/docs/warning.md +++ b/docs/warning.md @@ -10,22 +10,31 @@ To reduce the blast radius of accidents, there are some safety precautions: -1. By default, *aws-nuke* only lists all nuke-able resources. You need to add `--no-dry-run` to actually delete +1. By default, **aws-nuke** only lists all nuke-able resources. You need to add `--no-dry-run` to actually delete resources. -2. *aws-nuke* asks you twice to confirm the deletion by entering the account alias. The first time is directly +2. **aws-nuke** asks you twice to confirm the deletion by entering the account alias. The first time is directly after the start and the second time after listing all nuke-able resources. -3. To avoid just displaying a account ID, which might gladly be ignored by humans, it is required to actually set + + !!! note "ProTip" + This can be disabled by adding `--no-prompt` to the command line. + +3. To avoid just displaying an account ID, which might gladly be ignored by humans, it is required to actually set an [Account Alias](https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html) for your account. Otherwise, *aws-nuke* will abort. -4. The Account Alias must not contain the string `prod`. This string is hardcoded, and it is recommended to add it + + !!! note "ProTip" + This can be disabled by adding `--no-alias-check` to the command line and + [modifying the config accordingly](features/bypass-alias-check.md). + +4. The account alias must not contain the string `prod`. This string is hardcoded, and it is recommended to add it to every actual production account (e.g. `mycompany-production-ecr`). 5. The config file contains a blocklist field. If the Account ID of the account you want to nuke is part of this - blocklist, *aws-nuke* will abort. It is recommended, that you add every production account to this blocklist. + blocklist, **aws-nuke** will abort. It is recommended, that you add every production account to this blocklist. 6. To ensure you don't just ignore the blocklisting feature, the blocklist must contain at least one Account ID. 7. The config file contains account specific settings (e.g. filters). The account you want to nuke must be explicitly listed there. 8. To ensure to not accidentally delete a random account, it is required to specify a config file. It is recommended - to have only a single config file and add it to a central repository. This way the account blocklist is way - easier to manage and keep up to date. + to have only a single config file and add it to a central repository. This way the blocklist is easier to manage and + keep up to date. Feel free to create an issue, if you have any ideas to improve the safety procedures.