ekristen / aws-nuke

Remove all the resources from an AWS account
https://ekristen.github.io/aws-nuke/
MIT License

Nuking Route53 Records #293

Closed mikehenry-io closed 2 months ago

mikehenry-io commented 2 months ago

I want to nuke a number of Route53HostedZone still containing records. Can this be forced?

If not, how can I specify removal of all records for the hosted zones to be nuked? Do they need to be individually named?

Documentation is not clear how this should work.

Thanks!

ekristen commented 2 months ago

By default a zone has to be empty, so you'd have to allow all records to be deleted first.

It's its own resource. Your config would need to include both the zone and record if you are specifying resource types.

mikehenry-io commented 2 months ago

Yes, but is there no convenient syntax on the record resource to express something like "delete all records in hosted zone x.y.z"? Or "remove all records belonging to hosted zones having tag 'key: value'"?

There are many situations where one resource is contained in another that must be deleted before the container also can be deleted.

ekristen commented 2 months ago

Is your objective to only delete specific zones, therefore you want to also include all records?

I've been thinking of needing a targeting mode, but it's a bit problematic with the current design.

ekristen commented 2 months ago

You can do inverts on filters to target specific zones and record sets in the meantime. Do you have a config to share?

mikehenry-io commented 2 months ago

Yes, we have multiple test environments in the same account and want to nuke just the resources for the particular environment, tagging resources with an environment tag and filtering on that. Config is very standard; it includes hundreds of resource types and filters them using the tag:Name property containing the environment name with invert: true, as you mentioned.

I do have a script in our CI that does some massaging of the hosted zones for these environments. For now, I'll enhance that script to do a better job scrubbing those hosted zones before invoking Nuke.

Thanks!
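The pre-nuke scrubbing step mentioned above, written out as an added example (it is not aws-nuke code and not the commenter's CI script). It shows the two constraints the thread turns on: a Route53HostedZone can only be deleted once it is empty, and record sets carry no tags of their own, so the only way to select "all records of environment X" is to select zones by their tag and then enumerate their records. The apex NS and SOA records are skipped because Route53 will not delete them; they disappear with the zone. The `route53` parameter is assumed to be a boto3 Route53 client (only `list_hosted_zones`, `list_tags_for_resource`, `list_resource_record_sets` and `change_resource_record_sets` are used); `StubRoute53` and its zone data are constructed sample data so the example runs offline.

```python
"""Plan (and optionally apply) Route53 record deletions for zones selected by tag.

Added example, not aws-nuke code. Assumes a boto3-shaped Route53 client; the
StubRoute53 below is constructed sample data for offline use.
"""
from typing import Any, Dict, Iterable, List

# Route53 refuses to delete a zone's apex NS and SOA; they go away with the zone.
UNDELETABLE_APEX_TYPES = {"NS", "SOA"}


def zone_has_tag(tags: Iterable[Dict[str, str]], key: str, value: str) -> bool:
    """True if a ListTagsForResource tag list contains key=value."""
    return any(t.get("Key") == key and t.get("Value") == value for t in tags)


def deletable_record_sets(zone_name: str, record_sets: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Record sets that must be removed before the zone itself can be deleted.

    Keeps only the apex NS/SOA. A subdomain NS delegation (name != zone name)
    is an ordinary record and is returned for deletion like A or CNAME records.
    """
    return [rrs for rrs in record_sets
            if not (rrs["Name"] == zone_name and rrs["Type"] in UNDELETABLE_APEX_TYPES)]


def build_change_batch(record_sets: List[Dict[str, Any]], comment: str = "pre-nuke scrub") -> Dict[str, Any]:
    """ChangeBatch for ChangeResourceRecordSets deleting every record set given.

    DELETE needs the record set exactly as stored, so entries pass through unchanged.
    Route53 caps a batch at 1000 changes; split larger lists before calling.
    """
    return {"Comment": comment,
            "Changes": [{"Action": "DELETE", "ResourceRecordSet": rrs} for rrs in record_sets]}


def scrub_tagged_zones(route53, tag_key: str, tag_value: str, dry_run: bool = True) -> Dict[str, int]:
    """For every zone tagged tag_key=tag_value, plan deletion of its deletable records.

    Returns {zone_id: number_of_records_planned}. With dry_run=False the change
    batches are submitted. Real accounts need the list calls paginated
    (route53.get_paginator(...)); the single-page calls here keep the example short.
    """
    planned: Dict[str, int] = {}
    for zone in route53.list_hosted_zones()["HostedZones"]:
        zone_id = zone["Id"].split("/")[-1]  # "/hostedzone/Z123" -> "Z123"
        tags = route53.list_tags_for_resource(ResourceType="hostedzone",
                                              ResourceId=zone_id)["ResourceTagSet"]["Tags"]
        if not zone_has_tag(tags, tag_key, tag_value):
            continue  # other environments' zones are left untouched
        rrsets = route53.list_resource_record_sets(HostedZoneId=zone_id)["ResourceRecordSets"]
        doomed = deletable_record_sets(zone["Name"], rrsets)
        planned[zone_id] = len(doomed)
        if doomed and not dry_run:
            route53.change_resource_record_sets(HostedZoneId=zone_id,
                                                ChangeBatch=build_change_batch(doomed))
    return planned


class StubRoute53:
    """Constructed offline stand-in for a boto3 Route53 client (sample data, not real)."""

    def __init__(self) -> None:
        apex_a = "env-a.example.com."
        self.zones = {
            "ZENVA": {"Name": apex_a, "tags": [{"Key": "environment", "Value": "env-a"}],
                      "rrsets": [
                          {"Name": apex_a, "Type": "NS", "TTL": 172800,
                           "ResourceRecords": [{"Value": "ns-1.awsdns-00.org."}]},
                          {"Name": apex_a, "Type": "SOA", "TTL": 900,
                           "ResourceRecords": [{"Value": "ns-1.awsdns-00.org. hostmaster.example.com. 1 7200 900 1209600 86400"}]},
                          {"Name": "api." + apex_a, "Type": "A", "TTL": 60,
                           "ResourceRecords": [{"Value": "203.0.113.10"}]},
                          {"Name": "sub." + apex_a, "Type": "NS", "TTL": 300,
                           "ResourceRecords": [{"Value": "ns.sub.example.net."}]}]},
            "ZENVB": {"Name": "env-b.example.com.", "tags": [{"Key": "environment", "Value": "env-b"}],
                      "rrsets": [{"Name": "www.env-b.example.com.", "Type": "A", "TTL": 60,
                                  "ResourceRecords": [{"Value": "203.0.113.20"}]}]},
        }
        self.applied: List[Any] = []  # (zone_id, ChangeBatch) pairs submitted

    def list_hosted_zones(self):
        return {"HostedZones": [{"Id": "/hostedzone/" + zid, "Name": z["Name"]}
                                for zid, z in self.zones.items()]}

    def list_tags_for_resource(self, ResourceType, ResourceId):
        return {"ResourceTagSet": {"Tags": self.zones[ResourceId]["tags"]}}

    def list_resource_record_sets(self, HostedZoneId):
        return {"ResourceRecordSets": list(self.zones[HostedZoneId]["rrsets"])}

    def change_resource_record_sets(self, HostedZoneId, ChangeBatch):
        self.applied.append((HostedZoneId, ChangeBatch))
        return {"ChangeInfo": {"Status": "PENDING"}}


if __name__ == "__main__":
    stub = StubRoute53()
    print(scrub_tagged_zones(stub, "environment", "env-a"))  # dry run: {'ZENVA': 2}
```

Run the dry run first and compare the per-zone counts against what you expect for that environment before passing `dry_run=False`; the zone for `env-b` is never touched because its tag does not match, which is the same keep-everything-else behaviour the invert filter gives you inside aws-nuke.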

ekristen commented 2 months ago

Nuking for a particular environment when sharing the same account can be tricky. Currently the design of the tool is to filter what you want to keep vs. what you want to nuke. However, the invert on each filter can do the inverse.

In this case you could have a config that includes the route53 resource types, set a filter to filter out the environment you want to nuke, but then set invert to true; this will actually keep everything else and set the environment you want to nuke to be removed.

If this isn't what you are asking or wanting, what's your ask? Thanks!

mikehenry-io commented 2 months ago

Thanks Erik. My ask was if there was a syntax to specify Route53 records belonging to a hosted zone with a particular tag, since Route53 records can't have tags themselves. I think you answered that question, so this ticket can be closed, unless you want to make a feature request out of it. In any case, thank you for the clarification!

ekristen commented 2 months ago

Oh interesting. Technically we could probably do that: pull some of the zone information into the record set (like tags). Something like tag:zone:<key>=<value>; that way you could do a filter on a tag of a zone for a record. If you are interested in that we can make a feature request for it. Seems valuable.

mikehenry-io commented 2 months ago

I think that would be a great feature. Thank you!