Merge pull request #362 from ekristen/general-improvements-2

feat: general improvements

docs/quick-start.md

@@ -1,6 +1,6 @@
 # First Run
 
-## First Configuration
+## First Simple Configuration
 
 First you need to create a config file for *aws-nuke*. This is a minimal one:
 

docs/starter-config.md

@@ -0,0 +1,123 @@
+# Starter Configuration
+
+This is a good starting configuration for `aws-nuke`. This configuration will help you get started with the tool and
+give you a good idea of what you can do with it.
+
+By default, many of the settings are populated. Many of the resources that are deprecated or not available are excluded.
+
+Additionally, there are 3 presets for common configurations of things you might want to filter (i.e. keep around).
+
+!!! note
+    You must replace the account ID with your own account ID. This is a placeholder account ID.
+
+!!! warning
+    This does not **cover** all settings, nor does it protect against resources that you might want to keep around, this
+    is a **starting configuration only**.
+
+```yaml
+regions:
+  - global
+  - us-east-1
+  - us-east-2
+
+blocklist:
+  - "987654321098" # Production Account
+
+settings:
+  EC2Image:
+    IncludeDisabled: true
+    IncludeDeprecated: true
+    DisableDeregistrationProtection: true
+  EC2Instance:
+    DisableStopProtection: true
+    DisableDeletionProtection: true
+  RDSInstance:
+    DisableDeletionProtection: true
+  CloudFormationStack:
+    DisableDeletionProtection: true
+  DynamoDBTable:
+    DisableDeletionProtection: true
+
+resource-types:
+  excludes:
+    - S3Object # Excluded because S3 bucket removal handles removing all S3Objects
+    - ServiceCatalogTagOption # Excluded due to https://github.com/rebuy-de/aws-nuke/issues/515
+    - ServiceCatalogTagOptionPortfolioAttachment # Excluded due to https://github.com/rebuy-de/aws-nuke/issues/515
+    - FMSNotificationChannel # Excluded because it's not available
+    - FMSPolicy # Excluded because it's not available
+    - MachineLearningMLModel # Excluded due to ML being unavailable
+    - MachineLearningDataSource # Excluded due to ML being unavailable
+    - MachineLearningBranchPrediction # Excluded due to ML being unavailable
+    - MachineLearningEvaluation # Excluded due to ML being unavailable
+    - RoboMakerDeploymentJob # Deprecated Service
+    - RoboMakerFleet # Deprecated Service
+    - RoboMakerRobot # Deprecated Service
+    - RoboMakerSimulationJob
+    - RoboMakerRobotApplication
+    - RoboMakerSimulationApplication
+    - OpsWorksApp # Deprecated service
+    - OpsWorksInstance # Deprecated service
+    - OpsWorksLayer # Deprecated service
+    - OpsWorksUserProfile # Deprecated service
+    - OpsWorksCMBackup # Deprecated service
+    - OpsWorksCMServer # Deprecated service
+    - OpsWorksCMServerState # Deprecated service
+    - CodeStarProject # Deprecated service
+    - CodeStarConnection # Deprecated service
+    - CodeStarNotification # Deprecated service
+    - Cloud9Environment # Deprecated service
+    - CloudSearchDomain # Deprecated service
+    - RedshiftServerlessSnapshot # Deprecated service
+    - RedshiftServerlessNamespace # Deprecated service
+    - RedshiftServerlessWorkgroup # Deprecated service
+
+presets:
+  common:
+    filters:
+      BudgetsBudget:
+        - property: Name
+          value: "My Zero-Spend Budget"
+
+  organization:
+    filters:
+      IAMSAMLProvider:
+        - property: ARN
+          type: contains
+          value: "AWSSSO"
+      IAMRole:
+        - property: Name
+          type: contains
+          value: "OrganizationAccountAccessRole"
+      IAMRolePolicyAttachment:
+        - property: RoleName
+          value: "OrganizationAccountAccessRole"
+
+  defaults:
+    filters:
+      EC2Subnet:
+        - property: DefaultVPC
+          value: "true"
+      EC2DefaultSecurityGroupRule:
+        - property: DefaultVPC
+          value: "true"
+      EC2DHCPOption:
+        - property: DefaultVPC
+          value: "true"
+      EC2VPC:
+        - property: IsDefault
+          value: "true"
+      EC2InternetGateway:
+        - property: DefaultVPC
+          value: "true"
+      EC2InternetGatewayAttachment:
+        - property: DefaultVPC
+          value: "true"
+
+accounts:
+  '012345678901':
+    presets:
+      - common
+      - organization
+      - defaults
+
+```

mkdocs.yml

@@ -71,6 +71,7 @@ nav:
     - Install: installation.md
     - Authentication: auth.md
     - Quick Start: quick-start.md
+    - Starter Config: starter-config.md
     - Migration Guide: migration-guide.md
   - Features:
       - Overview: features/overview.md

resources/backup-vaults.go → resources/backup-vault.go

@@ -21,13 +21,16 @@ type BackupVault struct {
 	tags map[string]*string
 }
 
-const AWSBackupVaultResource = "AWSBackupVault"
+const BackupVaultResource = "BackupVault"
 
 func init() {
 	registry.Register(&registry.Registration{
-		Name:   AWSBackupVaultResource,
+		Name:   BackupVaultResource,
 		Scope:  nuke.Account,
 		Lister: &AWSBackupVaultLister{},
+		DeprecatedAliases: []string{
+			"AWSBackupVault",
+		},
 	})
 }
 

resources/ec2-default-security-group-rules.go → resources/ec2-default-security-group-rule.go

@@ -120,6 +120,7 @@ func (r *EC2DefaultSecurityGroupRule) Remove(_ context.Context) error {
 func (r *EC2DefaultSecurityGroupRule) Properties() types.Properties {
 	properties := types.NewProperties()
 	properties.Set("SecurityGroupId", r.groupID)
+	properties.Set("DefaultVPC", true)
 	return properties
 }
 

resources/gamelift-mm-config.go

@@ -2,6 +2,7 @@ package resources
 
 import (
 	"context"
+	"errors"
 	"time"
 
 	"github.com/aws/aws-sdk-go/service/gamelift"
@@ -36,7 +37,11 @@ func (l *GameLiftMatchmakingConfigurationLister) List(_ context.Context, o inter
 	for {
 		resp, err := svc.DescribeMatchmakingConfigurations(params)
 		if err != nil {
-			return nil, err
+			var unsupportedRegionException *gamelift.UnsupportedRegionException
+			if errors.As(err, &unsupportedRegionException) {
+				return resources, nil
+			}
+			return resources, err
 		}
 
 		for _, config := range resp.Configurations {

resources/gamelift-mm-rule.go

@@ -2,6 +2,7 @@ package resources
 
 import (
 	"context"
+	"errors"
 
 	"github.com/aws/aws-sdk-go/service/gamelift"
 
@@ -35,7 +36,11 @@ func (l *GameLiftMatchmakingRuleSetLister) List(_ context.Context, o interface{}
 	for {
 		resp, err := svc.DescribeMatchmakingRuleSets(params)
 		if err != nil {
-			return nil, err
+			var unsupportedRegionException *gamelift.UnsupportedRegionException
+			if errors.As(err, &unsupportedRegionException) {
+				return resources, nil
+			}
+			return resources, err
 		}
 
 		for _, ruleSet := range resp.RuleSets {

resources/quicksight-subscriptions.go

@@ -7,11 +7,13 @@ import (
 
 	"github.com/aws/aws-sdk-go/service/quicksight"
 	"github.com/aws/aws-sdk-go/service/quicksight/quicksightiface"
-	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
+
 	"github.com/ekristen/libnuke/pkg/registry"
 	"github.com/ekristen/libnuke/pkg/resource"
 	libsettings "github.com/ekristen/libnuke/pkg/settings"
 	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
 )
 
 const QuickSightSubscriptionResource = "QuickSightSubscription"

resources/quicksight-user.go

@@ -2,11 +2,13 @@ package resources
 
 import (
 	"context"
+	"errors"
 
 	"github.com/gotidy/ptr"
 
 	"github.com/aws/aws-sdk-go/service/quicksight"
 	"github.com/aws/aws-sdk-go/service/quicksight/quicksightiface"
+
 	"github.com/ekristen/libnuke/pkg/registry"
 	"github.com/ekristen/libnuke/pkg/resource"
 	"github.com/ekristen/libnuke/pkg/types"
@@ -60,7 +62,11 @@ func (l *QuickSightUserLister) List(_ context.Context, o interface{}) ([]resourc
 		return !lastPage
 	})
 	if err != nil {
-		return nil, err
+		var notFoundException *quicksight.ResourceNotFoundException
+		if !errors.As(err, &notFoundException) {
+			return nil, err
+		}
+		return resources, nil
 	}
 
 	return resources, nil

resources/transcribe-call-analytics-category.go

@@ -2,6 +2,8 @@ package resources
 
 import (
 	"context"
+	"errors"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/service/transcribeservice"
@@ -39,6 +41,11 @@ func (l *TranscribeCallAnalyticsCategoryLister) List(_ context.Context, o interf
 
 		listOutput, err := svc.ListCallAnalyticsCategories(listCallAnalyticsCategoriesInput)
 		if err != nil {
+			var badRequestException *transcribeservice.BadRequestException
+			if errors.As(err, &badRequestException) &&
+				strings.Contains(badRequestException.Message(), "isn't supported in this region") {
+				return resources, nil
+			}
 			return nil, err
 		}
 		for _, category := range listOutput.Categories {

resources/transcribe-call-analytics-job.go

@@ -2,6 +2,8 @@ package resources
 
 import (
 	"context"
+	"errors"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -41,8 +43,13 @@ func (l *TranscribeCallAnalyticsJobLister) List(_ context.Context, o interface{}
 
 		listOutput, err := svc.ListCallAnalyticsJobs(listCallAnalyticsJobsInput)
 		if err != nil {
-			return nil, err
+			var badRequestException *transcribeservice.BadRequestException
+			if errors.As(err, &badRequestException) &&
+				strings.Contains(badRequestException.Message(), "isn't supported in this region") {
+				return resources, nil
+			}
 		}
+
 		for _, job := range listOutput.CallAnalyticsJobSummaries {
 			resources = append(resources, &TranscribeCallAnalyticsJob{
 				svc:            svc,