Feedback Wanted! #389
Comments
|
The feature I'm waiting for the most is being able to specify only delete resources with these tags. Right now AFAIU it's only possible to exclude resources from deletion. For example if I have EC2Address with a tag "Name", I should be able to say... delete all EC2Address with Name == "capi-*", do not touch any other EC2Address. My use case for this feature is Cluster API test runs that tag all the resources they create with "capi-<cluster-name>". These resources are created on a shared account, so nuking everything isn't desirable. |
|
@eaudetcobello I'm considering adding a feature to flip from exclusion to inclusion via #327 -- there's much to consider with adding this behavior. |
|
Exclude all AWS managed IAM policies as well as resources created by CDK. Essentially, reset the AWS account to how it was at initial creation. EDITs:
|
|
@BwL1289 and @eaudetcobello you can sort of already filter for removal using Global Filters Feature combined with the |
|
@ekristen a technique I'm using for CDK is: presets:
# Exclude cdk resources from being nuked
cdk:
filters:
# Exclude resources with cdk in the name
__global__: # Catch all for all resources
- type: "contains"
value: "cdk"
- type: glob
value: "*cdk*"
- property: Name
type: "glob"
value: "*cdk*"
- property: ARN
type: "glob"
value: "*cdk*"
- property: tag:aws:cloudformation:stack-name
value: "CDKToolkit"Will this work as I expect? Note: I know there's a ton of redundancy here. Guidance is appreciated. |
|
As I'm finalizing CDK template, two other feature requests:
|
|
Default service roles are already filtered. Bucket policy isn't a separate resource and I'm not sure there's an argument to make it one. Why would you want to nuke a bucket policy but not the bucket? |
Thanks. Is this in the docs? Happy to help add it if not.
I wouldn't. Similar to |
|
I'm trying to nuke multiple accounts with one config file, but I cannot figure out how to specify the credentials for each account. Is it even possible? I understand I can pass multiple account name/aliases in my config file, but I dont see a way add the profile associated with those accounts. Thank you so much! |
|
@nimaft you can only run against a single account at a time, but you can configure as many accounts as you want in the configuration file. |
|
I tried using this but it's very complicated to configure and use. I ran it one time and it seemed to delete it's own access key and didn't even delete my VPCs which was all I needed it for. |
|
@Xylon2 its a complex tool. It'll delete everything period, including access keys. If you want open an issue including your config and logs. What do you fix complicated? How would it be easier? |
|
It would be nice to have a clear expectation of what properties you can filter on each resource type. Today I was attempting to exclude a CloudTrailTrail using tags. CloudTrail objects have tags. But I don't believe this tool will allow you to filter on tags? see: https://github.com/ekristen/aws-nuke/blob/main/resources/cloudtrail-trails.go#L60-L63 Please correct me if I'm wrong 😄 I'll submit an issue if you confirm we should be able to filter on this thanks in advance @ekristen |
|
@zack-is-cool unfortunately not all resources support both properties and even if does not all have their tags exposed. PRs welcome! I am currently working on auto-documentation based on property data when it exists, upcoming releases will have better documentation, there is a PR in progress #391 Please feel free to open an issue for the cloud trail objects missing tags. |
Please provide your feedback. Here are some of the issues.
The text was updated successfully, but these errors were encountered: