Hi, I'm Takahiro, a Software Engineer.
I've recently discovered a powerful tool.
It's aws-nuke.
aws-nuke is extremely powerful, but it can be very dangerous, because it deletes all AWS resources.
So, if you use it carefully, you can effectively manage your resource costs.
aws-nuke isn't an official AWS tool.
But the official AWS documentation introduces it. Please see the link below.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automate-deletion-of-aws-resources-by-using-aws-nuke.html
The automation architecture is very helpful.
So I'll demonstrate how to use aws-nuke.
How to install
In the case of Mac,
brew install aws-nuke
In the case of Amazon Linux,
wget https://github.com/rebuy-de/aws-nuke/releases/download/v2.25.0/aws-nuke-v2.25.0-linux-amd64.tar.gz
tar -zxf aws-nuke-v2.25.0-linux-amd64.tar.gz
mv aws-nuke-v2.25.0-linux-amd64 aws-nuke
chmod u+x aws-nuke
How to make the config file
The file name is nuke-config.yml, and it is written in YAML format.
For example,
regions: # regions to delete from
  - global
  - ap-northeast-1
account-blocklist: # accounts that must never be deleted
  - "000000000"
resource-types:
  excludes: # resource types that are not deleted
    - IAMRole
accounts:
  "1111111111": # account to delete from
    filters: # resources with this tag are not deleted
      EC2Instance:
        - type: exact
          property: tag:DoNotNuke
          value: "True"
feature-flags:
  disable-deletion-protection: # force delete protected resources
    RDSInstance: true
Execute
aws-nuke requires an account alias, so you need to set one up in advance.
First, do a dry run.
In the case of Mac,
aws-nuke --config nuke-config.yml
In the case of Amazon Linux,
./aws-nuke --config nuke-config.yml
Check the resources that would be deleted.
Next, delete the resources.
In the case of Mac,
aws-nuke --config nuke-config.yml --no-dry-run
In the case of Amazon Linux,
./aws-nuke --config nuke-config.yml --no-dry-run
If you add the --force option, there is no confirmation message.
Be careful.
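A gate between the dry run and the --no-dry-run step above, as an added example that is not from the original post or the aws-nuke project: it reads saved dry-run output and refuses to continue if a resource type the config excludes (IAMRole) is queued, or if the total exceeds a limit. The function names, the limit and the sample lines are assumptions; the line format is modelled on the aws-nuke README, so check it against your version's output.

```shell
#!/bin/sh
# Added example, not part of aws-nuke. Assumed dry-run line format:
#   <region> - <ResourceType> - <id> - would remove
# Check it against your aws-nuke version.

# Constructed sample output (not captured from a real account).
sample_dry_run() {
cat <<'EOF'
ap-northeast-1 - EC2Instance - i-0aaaaaaaaaaaaaaa1 - would remove
ap-northeast-1 - EC2Instance - i-0aaaaaaaaaaaaaaa2 - filtered by config
ap-northeast-1 - S3Bucket - s3://constructed-example-bucket - would remove
global - IAMUser - constructed-user - would remove
Scan complete: 4 total, 3 nukeable, 1 filtered.
EOF
}

# Read dry-run output on stdin, print "<count> <ResourceType>" per queued type.
queued_by_type() {
  awk -F' - ' '/ - would remove$/ { n[$2]++ }
               END { for (t in n) print n[t], t }' | sort -k2
}

# Read dry-run output on stdin, print the number of queued resources.
queued_total() {
  grep -c -- ' - would remove$' || true
}

# gate_dry_run FILE MAX TYPE...
# Fails if any listed TYPE is queued or more than MAX resources are queued.
gate_dry_run() {
  gate_file=$1; gate_max=$2; shift 2
  for gate_type in "$@"; do
    if awk -F' - ' -v t="$gate_type" \
         '$2 == t && / - would remove$/ { f = 1 } END { exit !f }' "$gate_file"
    then
      echo "refusing: $gate_type is queued for deletion" >&2
      return 1
    fi
  done
  gate_total=$(queued_total < "$gate_file")
  if [ "$gate_total" -gt "$gate_max" ]; then
    echo "refusing: $gate_total queued, limit is $gate_max" >&2
    return 1
  fi
  echo "ok: $gate_total resources queued"
}

# Intended use (commented out so nothing is deleted by sourcing this file):
#   aws-nuke --config nuke-config.yml | tee dry-run.txt
#   gate_dry_run dry-run.txt 50 IAMRole &&
#     aws-nuke --config nuke-config.yml --no-dry-run
```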
Last
aws-nuke is a very useful tool, but very dangerous.
Handle with care.