search

ekristen / aws-nuke

Remove all the resources from an AWS account
https://ekristen.github.io/aws-nuke/
MIT License
257 stars 26 forks source link

Support deletion of EC2Address with Network Border group #371

Closed fridim closed 1 month ago

fridim commented 1 month ago

Steps to reproduce:

When nuking, if the NetworkBorderGroup isn't specified, the EC2Address isn't released.

If you provide an incorrect network border group, you receive an InvalidAddress.NotFound

To illustrate, this is the python boto3 code that works:

client = boto3.client('ec2')
response = client.describe_addresses()

for address in response['Addresses']:
    # Disassociate address
    if address.get('AssociationId'):
        client.disassociate_address(
            AssociationId=address['AssociationId']
        )
        print("Disassociated Elastic IP: " + address['AllocationId'])

    client.release_address(
        AllocationId=address['AllocationId'],
        NetworkBorderGroup=address.get('NetworkBorderGroup', '')
    )
    print("Released Elastic IP: " + address['AllocationId'])
    changed = True

The go struct ReleaseAddressInput to pass that parameter:

type ReleaseAddressInput struct {
    _ struct{} `type:"structure"`

    // The allocation ID. This parameter is required.
    AllocationId *string `type:"string"`

    // Checks whether you have the required permissions for the action, without
    // actually making the request, and provides an error response. If you have
    // the required permissions, the error response is DryRunOperation. Otherwise,
    // it is UnauthorizedOperation.
    DryRun *bool `locationName:"dryRun" type:"boolean"`

    // The set of Availability Zones, Local Zones, or Wavelength Zones from which
    // Amazon Web Services advertises IP addresses.
    //
    // If you provide an incorrect network border group, you receive an InvalidAddress.NotFound
    // error.
    NetworkBorderGroup *string `type:"string"`

    // Deprecated.
    PublicIp *string `type:"string"`
}
ekristen commented 1 month ago

@fridim I just successfully removed EC2Address without modifying the code for NetworkBorderGroup but I also only have the default border group, so perhaps it fails if it's a custom group? Do you have any more details you can share?

ekristen commented 1 month ago

There's a fix for this in #375, please see the github action for binaries - https://github.com/ekristen/aws-nuke/actions/runs/11282949877 -- please test and confirm. I am unable to do anything besides default network border group.

ekristen commented 1 month ago

:tada: This issue has been resolved in version 3.27.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: