From 7146581706a0ec462bf6e34185d5e8008ef0c61a Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Fri, 20 Sep 2024 00:01:48 +0300 Subject: [PATCH] Cleanup all resources (#124) * Cleanup all resources * Update aws-nuke.yaml * Delete all resources * Delete all resources * Delete all resources * Delete all resources * Delete all resources * Delete all resources * Delete all resources --- .github/aws-nuke.yaml | 488 +++--------------------------------------- 1 file changed, 31 insertions(+), 457 deletions(-) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index dfb1c33..cc6a2e0 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml @@ -1,466 +1,40 @@ regions: - global - #- us-east-1 - us-east-2 - #- us-west-1 - #- us-west-2 + - us-east-1 + - us-west-1 + - us-west-2 + - af-south-1 + - ap-east-1 + - ap-south-2 + - ap-southeast-3 + - ap-southeast-4 + - ap-south-1 + - ap-northeast-3 + - ap-northeast-2 + - ap-southeast-1 + - ap-southeast-2 + - ap-northeast-1 + - ca-central-1 + - ca-west-1 + - eu-central-1 + - eu-west-1 + - eu-west-2 + - eu-south-1 + - eu-west-3 + - eu-south-2 + - eu-north-1 + - eu-central-2 + - il-central-1 + - me-south-1 + - me-central-1 + - sa-east-1 + - us-gov-east-1 + - us-gov-west-1 account-blocklist: - "999999999999" # production -resource-types: - # Added in aws-nuke 2.18.0 - cloud-control: - - AWS::AppFlow::ConnectorProfile - - AWS::AppFlow::Flow - - AWS::AppRunner::Service - - AWS::ApplicationInsights::Application - # - AWS::Backup::Framework - - AWS::MWAA::Environment - # - AWS::NetworkFirewall::Firewall - # - AWS::NetworkFirewall::FirewallPolicy - # - AWS::NetworkFirewall::RuleGroup - - AWS::Synthetics::Canary - - AWS::Timestream::Database - - AWS::Timestream::ScheduledQuery - - AWS::Timestream::Table - - AWS::Transfer::Workflow - - # only nuke these resources - targets: - - IAMRole - - IAMRolePolicy - - IAMRolePolicyAttachment - - IAMPolicy - - IAMGroup - - IAMGroupPolicyAttachment - - IAMInstanceProfile - - IAMInstanceProfileRole - - IAMOpenIDConnectProvider - # Deleting S3 Objects individually takes too long. We are either going to - # delete the entire S3 bucket or nothing in it, so we skip S3Object - # - S3Object - - S3Bucket - # AWS::* added in aws-nuke 2.18.0 - - AWS::AppFlow::ConnectorProfile - - AWS::AppFlow::Flow - - AWS::AppRunner::Service - - AWS::ApplicationInsights::Application - # - AWS::Backup::Framework - - AWS::MWAA::Environment - # - AWS::NetworkFirewall::Firewall - # - AWS::NetworkFirewall::FirewallPolicy - # - AWS::NetworkFirewall::RuleGroup - - AWS::Synthetics::Canary - - AWS::Timestream::Database - - AWS::Timestream::ScheduledQuery - - AWS::Timestream::Table - - AWS::Transfer::Workflow - - AutoScalingGroup - - CodeDeployApplication - - CloudWatchAlarm - - CloudWatchLogsLogGroup - - CloudformationStack - - EC2Address - - EC2DHCPOption - - EC2Instance - - EC2InternetGateway - - EC2InternetGatewayAttachment - - EC2KeyPair - - EC2LaunchTemplate - - EC2NATGateway - - EC2NetworkACL - - EC2NetworkInterface - - EC2RouteTable - - EC2SecurityGroup - - EC2Subnet - - EC2VPC - - EC2Volume - - ECSCluster - - ECSService - - ECSTaskDefinition - - EKSCluster - - EKSFargateProfiles - - EKSNodegroups - - ElasticacheCacheParameterGroup - - ELBLoadBalancer - - ELBv2 - - ELBv2TargetGroup - - EMRCluster - - ESDomain - - ElasticBeanstalkApplication - - ElasticBeanstalkEnvironment - # Inspector2 added in aws-nuke v2.18.1 - - Inspector2 - - KMSAlias - - KMSKey - - LambdaEventSourceMapping - - LambdaFunction - - MQBroker - - MSKCluster - - MSKConfiguration - - NeptuneCluster - # Yes, it is misspelled in aws-nuke - - NetpuneSnapshot - - RDSDBCluster - - RDSDBClusterParameterGroup - - RDSDBParameterGroup - - RDSDBSubnetGroup - - RDSInstance - # RDSClusterSnapshot added in aws-nuke 2.19.0 - - RDSClusterSnapshot - - RDSOptionGroup - - RedshiftCluster - - RedshiftParameterGroup - # You cannot delete automated Redshift Snapshots, and trying to delete - # them causes aws-nuke to exit with failure. Since we are not taking - # manual snapshots, we do not need to worry about them, but if we did, - # we should create a filter that leaves the automated snapshots alone. - # - RedshiftSnapshot - - Route53HostedZone - - Route53ResourceRecordSet - - RedshiftSubnetGroup - - SSMParameter - - SNSTopic - - # don't nuke IAM users - excludes: - - IAMUser - accounts: # testing account - 126450723953: - presets: - - defaults - - cpco - -presets: - defaults: - filters: - CloudTrailTrail: - - property: "Name" - type: "regex" - value: "^$" - CloudWatchAlarm: - - property: "Name" - type: "regex" - value: "^$" - ECSCluster: - - type: "regex" - value: ".*cluster/fargate" - ECSService: - - type: "regex" - value: ".*service/atlantis" - EC2InternetGateway: - - property: "tag:Name" - type: "regex" - value: "^$" - EC2InternetGatewayAttachment: - - property: "tag:igw:Name" - type: "regex" - value: "^$" - EC2RouteTable: - - property: "tag:Name" - type: "regex" - value: "^$" - EC2Subnet: - - property: "DefaultForAz" - value: "true" - EC2VPC: - - property: "IsDefault" - value: "true" - EC2DHCPOption: - - property: "tag:Name" - type: "regex" - value: "^$" - IAMRole: - - "OrganizationAccountAccessRole" - IAMRolePolicy: - - property: "role:RoleName" - type: "regex" - value: "^OrganizationAccountAccessRole$" - EC2SecurityGroup: - - property: "Name" - type: "regex" - value: "^fargate-default$" - EC2NetworkInterface: - # Lambda's do not set the `tag:Name` and the `Description` is not available for filtering - # Description: AWS Lambda VPC ENI-eg-test-app-elasticsearch-cleanup-e45baaef-7c14-4926-b21c-04c6b77f9 - # Instead, we'll delete all EC2NetworkInterface that have `Status` of `available`. - # - property: "tag:Name" - # type: "regex" - # value: "^$" - - property: "Status" - type: "regex" - value: "^(attaching|attached|detaching|detached)$" - - EC2Volume: - - property: "tag:Name" - type: "regex" - value: "^$" - KMSKey: - - property: "tag:Name" - type: "regex" - value: "^$" - CloudformationStack: - - property: "tag:Name" - type: "regex" - value: "^$" - NeptuneCluster: - - property: "tag:Name" - type: "regex" - value: "^$" - NetpuneSnapshot: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSInstance: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSClusterSnapshot: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSOptionGroup: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSDBParameterGroup: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSDBClusterParameterGroup: - - property: "tag:Name" - type: "regex" - value: "^$" - RDSDBSubnetGroup: - - property: "tag:Name" - type: "regex" - value: "^$" - - cpco: - filters: - CloudTrailTrail: - - property: "Name" - type: "regex" - value: "^cpco-.*" - CloudWatchAlarm: - - property: "Name" - type: "regex" - # Alarm names have a path component, so do not anchor to start of string - value: "cpco-.*" - CodeDeployApplication: - - property: "Name" - type: "regex" - value: "^cpco-.*" - S3Bucket: - - property: "Name" - type: "regex" - value: "^cpco-.*" - S3Object: - - property: "Bucket" - type: "regex" - value: "^cpco-.*" - EC2VPC: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - EC2Volume: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - EC2SecurityGroup: - - property: "Name" - type: "regex" - value: "^cpco-.*" - - property: "tag:Name" - type: "regex" - value: "^fargate-default$" - EC2Instance: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - EC2NetworkInterface: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - EC2InternetGateway: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - EC2LaunchTemplate: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - EC2NATGateway: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - EC2InternetGatewayAttachment: - - property: "tag:igw:Name" - type: "regex" - value: "^cpco-.*" - EC2Subnet: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - EC2RouteTable: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - EC2NetworkACL: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - AutoScalingGroup: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - ECSService: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - ECSCluster: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - ECSTaskDefinition: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - EKSCluster: - - type: "regex" - value: "^cpco-.*" - EKSNodegroups: - - type: "regex" - value: "^cpco-.*" - EKSFargateProfile: - - type: "regex" - value: "^cpco-.*" - ELBLoadBalancer: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - ELBv2: - - type: "regex" - value: "^cpco-.*" - - type: "regex" - value: "^atlantis$" - ELBv2TargetGroup: - - type: "regex" - value: "^cpco-.*" - CloudformationStack: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - NeptuneCluster: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - NetpuneSnapshot: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - RDSInstance: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - RDSClusterSnapshot: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - RDSDBClusterParameterGroup: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - RDSOptionGroup: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - RDSDBParameterGroup: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - RDSDBSubnetGroup: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - IAMInstanceProfile: - - type: "regex" - value: "^cpco-.*" - IAMInstanceProfileRole: - - type: "regex" - value: "^cpco-.*" - IAMRole: - - type: "regex" - value: "^cpco-.*" - - type: "regex" - value: "^atlantis" - IAMRolePolicy: - - property: "role:RoleName" - type: "regex" - value: "^cpco-.*" - IAMRolePolicyAttachment: - - type: "regex" - value: "^cpco-.*" - - type: "regex" - value: "^atlantis.*" - IAMPolicy: - - type: "regex" - value: "^arn:aws:iam::[0-9]+:policy/cpco-.*" - - type: "regex" - value: "^arn:aws:iam::[0-9]+:policy/service-role/cpco-.*" - - type: "regex" - value: "^arn:aws:iam::[0-9]+:policy/atlantis.*" - KMSAlias: - - property: "Name" - type: "regex" - # KMSAlias does not have tags, and names start with "alais/" - value: "cpco-" - KMSKey: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - CloudWatchLogsLogGroup: - - type: "regex" - value: "^/aws/eks/cpco-.*" - - type: "regex" - value: "^/aws/lambda/CIS.*" - EMRCluster: - - type: "regex" - value: "^cpco-.*" - EC2KeyPair: - - type: "regex" - value: "^cpco-.*" - IAMGroup: - - type: "regex" - value: "^cpco-.*" - IAMGroupPolicyAttachment: - - type: "regex" - value: "^cpco-.*" - IAMOpenIDConnectProvider: - - property: "tag:Name" - type: "regex" - value: "^cpco-.*" - Route53ResourceRecordSet: - - property: "Name" - type: "exact" - value: "testing.cloudposse.co." - - property: "Name" - type: "exact" - value: "us-west-2-ecs.testing.cloudposse.co." - - property: "Name" - type: "regex" - value: ".*atlantis.*" - Route53HostedZone: - - property: "Name" - type: "regex" - value: "^(?:us-west-2.)?(?:us-west-2-ecs.)?testing.cloudposse.co." - SSMParameter: - - property: "Name" - type: "regex" - value: "cpco-" + 126450723953: {}