Abstract


  • A tool to remove all resources in an AWS Account automatically without manually clicking countless buttons
  • Refer to the GitHub repo for more details

CAUTION

Always double check which resources aws-nuke is not able to remove. A few resources, such as AWS Network Firewall, require manual removal.

Setup Checklist:

AWS Account Setting


  • We need to create an Account Alias in order to start using aws-nuke

AWS Nuke Configuration File


We use a .yml file to configure the behaviour of aws-nuke

Example 1: Remove all

regions:
  - "ap-southeast-1"
account-blocklist:
  - 1234567890
accounts:
  "<YOUR_ACCOUNT_NUMBER>": {}

Yaml Syntax

Make sure there is a space between : and {}

Example 2: Filter resources

Prevent some resources from being removed

# Achieve this:  ap-southeast-1 - ACMCertificate - arn:aws:acm:ap-southeast-1:106330972960:certificate/5212c31a-94f1-4dc9-80a8-b72d8d6b2054 - [DomainName: "vault.yxy.ninja"] - filtered by config
 
regions:
  - "ap-southeast-1"
account-blocklist:
  - 1234567890
accounts:
  "<YOUR_ACCOUNT_NUMBER>":
    filters:
      ACMCertificate:
        - "arn:aws:acm:ap-southeast-1:106330972960:certificate/5212c31a-94f1-4dc9-80a8-b72d8d6b2054"

Start the Nuke!


docker run \
   --rm -it \
   -v <ABSOLUTE_PATH_TO_CONFIG.YAML>:/home/aws-nuke/config.yml \
   -v <ABSOLUTE_PATH_TO_.aws>:/home/aws-nuke/.aws \
   rebuy/aws-nuke:latest \
   --profile <YOUR_AWS_PROFILE> \
   --config /home/aws-nuke/config.yml
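
To act on the caution above and confirm that the filter from Example 2 took effect, the output of a run can be checked mechanically. The script below is an added example, not part of aws-nuke or of the original notes: it parses lines in the layout shown in the Example 2 comment and reports which resources would be removed and which protected IDs were not reported as filtered. The sample output, the ARNs and the names `parse_line`, `review` and `KEEP_ARN` are constructed for illustration, and the status text "would remove" is an assumption about the tool's dry-run wording.

```python
import re

# Constructed sample output; the line layout follows the comment in Example 2.
# The status text "would remove" is an assumption about aws-nuke's dry-run wording.
SAMPLE_OUTPUT = """\
ap-southeast-1 - EC2Instance - i-0aaaaaaaaaaaaaaaa - [Name: "demo"] - would remove
ap-southeast-1 - ACMCertificate - arn:aws:acm:ap-southeast-1:111111111111:certificate/constructed-1 - [DomainName: "keep.example.test"] - filtered by config
ap-southeast-1 - ACMCertificate - arn:aws:acm:ap-southeast-1:111111111111:certificate/constructed-2 - [DomainName: "old.example.test"] - would remove
ap-southeast-1 - S3Bucket - s3://constructed-bucket - would remove
this line is not a resource record
"""
KEEP_ARN = "arn:aws:acm:ap-southeast-1:111111111111:certificate/constructed-1"

# Resource id, optionally followed by " - [properties]".
ID_AND_PROPS = re.compile(r"^(?P<id>.*?)(?: - \[(?P<props>.*)\])?$")


def parse_line(line):
    """Parse 'region - type - id - [props] - status'; return None for other lines."""
    head = line.strip().split(" - ", 2)
    if len(head) != 3 or " - " not in head[2]:
        return None
    rest, status = head[2].rsplit(" - ", 1)
    match = ID_AND_PROPS.match(rest)
    return {"region": head[0], "type": head[1], "id": match.group("id"),
            "props": match.group("props") or "", "status": status}


def review(output, must_keep):
    """Return (ids reported as 'would remove', must_keep ids not reported as filtered)."""
    records = [r for r in map(parse_line, output.splitlines()) if r]
    removed = [r["id"] for r in records if r["status"] == "would remove"]
    filtered = {r["id"] for r in records if r["status"] == "filtered by config"}
    # A protected id that never shows up as filtered is a finding too: the
    # filter may be misspelled, or the resource sits in an unlisted region.
    unprotected = sorted(set(must_keep) - filtered)
    return removed, unprotected


if __name__ == "__main__":
    removed, unprotected = review(SAMPLE_OUTPUT, [KEEP_ARN])
    print("would remove:", *removed, sep="\n  ")
    if unprotected:
        raise SystemExit("NOT protected by a filter: " + ", ".join(unprotected))
    print("all protected resources are filtered by config")
```

Replace `SAMPLE_OUTPUT` with the captured output of a real run and `KEEP_ARN` with the IDs listed under `filters` in the config file.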