Comments (4)
svenwltr
commented on June 3, 2024
Since #66 is done, we can start implementing this. Now we need to figure out how the configuration should look like.
Some questions which pop up for me:
- Do we only need include? Or only exclude? Or both?
- If both, does it make sense to disallow specifying both?
- Where should we attach the include/exclude config?
- For a specific account?
- For the whole config?
- Both?
- If so, how should it behave when specifying on both levels?
- Do we still need the
--targetcommand line flag?- If so, should we somehow streamline it with the config behaviour?
I already have some ideas about this questions, but I want to hear other opinions first. So, please discuss.
/cc @rebuy-de/prp-aws-nuke
from aws-nuke.
svenwltr
commented on June 3, 2024
Here is my proposal.
We add include and exclude configurations as:
- CLI arguments which can be used multiple times (
--includeand--exclude) - account specific parameter (
.accounts,*.resource-types.includeand.accounts.*.resource-types.exclude) - global parameter for the whole config (
.resource-types.includeand.resource-types.exclude)
In general exclude has precedence over include. This means that a resource type must not get deleted, if it is specified in any configuration type (ie, cli arg, account-specific, global). Also, if an include is defined anywhere, only the specified resources types are allowed to get nuked. Specifying no include in any configuration type mean that all, but the excluded resources should get nuked.
I don't see a clear way for handling multiple includes. Assuming we have three sets A, B and C for the configuration via global parameters, account specific parameters of CLI arguments, we could generate the final include set like:
- the intersection of all non-empty sets
A,B,C - or the union of all sets
A,B,C.
For example we could define this config:
---
regions:
- "eu-west-1"
account-blacklist:
- 1234567890
resource-types:
include:
- S3Bucket
- S3Object
accounts:
421337:
resources-types:
include:
- S3Bucket
- IAMRole
And would nuke it with this command:
aws-nuke --config nuke.yaml --include S3Bucket --include EC2Instance
So when using the intersection method, the resulting nuke target would be S3Bucket and when using the union method the result would be S3Bucket, S3Object, IAMRole and EC2Instance. Both somehow make sense, but I don't see a clear winner.
What are your opinions on this?
from aws-nuke.
svenwltr
commented on June 3, 2024
I created a PR: #74
from aws-nuke.
svenwltr
commented on June 3, 2024
This change will be included in v1.4.0. I already created a release candidate and would be happy about any feedback: https://github.com/rebuy-de/aws-nuke/releases/tag/v1.4.0-rc1
from aws-nuke.
Related Issues (20)
- How to filter a resources using 2 property HOT 1
- Add support for Glue SecurityConfiguration
- GO error HOT 1
- Add support for Budget Actions
- Add support for SageMaker Space Apps and Spaces
- Unstable branch? HOT 7
- How long does aws-nuke take to delete S3 bucket with 6 GB plus HOT 1
- [DirectoryService] AWS Managed Microsoft AD fails to nuke if AD is shared with other accounts HOT 2
- Cant delete IoTThingGroup HOT 1
- fails to delete efs with v2.20.0+ HOT 3
- Cannot delete secrets that are part of the Event Bridge connection HOT 2
- AWS Nuke Process Attempts to Delete ECRRepository Resource in Unsupported Regions HOT 6
- Suppress "cannot delete *" HOT 1
- Cannot have more than 0 builds in queue for the account HOT 4
- Issue nuking a region - help HOT 2
- OpenSearch Serverless: collections not being deleted
- Include SageMaker domains, user, user profile and space. HOT 1
- Listing OpsWorksCMServer failed
- Can not add an alias to our accounts HOT 2
- i ran your tool and cant login anymore HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-nuke.