search

ekristen / aws-nuke

Remove all the resources from an AWS account
https://ekristen.github.io/aws-nuke/
MIT License
39 stars 7 forks source link

Errors unrelated to nuking cause exit status 1. #81

Closed YuriGal closed 6 months ago

YuriGal commented 6 months ago

During run the nuke logs errors about problems I have no control over, for example

time="2024-02-22T16:06:58Z" level=error msg="Listing FMSNotificationChannel failed:\n    AccessDeniedException: Operation GetNotificationChannel is only available to AWS Firewall Manager Administrators.\n    \tstatus code: 400, request id: db521f67-5dc4-40b4-b0b5-7cf7501841d0" error="AccessDeniedException: Operation GetNotificationChannel is only available to AWS Firewall Manager Administrators.\n\tstatus code: 400, request id: db521f67-5dc4-40b4-b0b5-7cf7501841d0"

time="2024-02-22T16:06:59Z" level=error msg="Listing ECRPublicRepository failed:\n    UnsupportedCommandException: DescribeRepositories command is only supported in us-east-1." error="UnsupportedCommandException: DescribeRepositories command is only supported in us-east-1."

time="2024-02-22T16:06:59Z" level=error msg="Listing FMSPolicy failed:\n    AccessDeniedException: Operation ListPolicies is only available to AWS Firewall Manager Administrators.\n    \tstatus code: 400, request id: 1765d4b5-1813-4e76-b8df-7ce3db7ee609" error="AccessDeniedException: Operation ListPolicies is only available to AWS Firewall Manager Administrators.\n\tstatus code: 400, request id: 1765d4b5-1813-4e76-b8df-7ce3db7ee609"

time="2024-02-22T16:07:00Z" level=fatal msg="*resources.SNSSubscription does not support custom properties"

If I remember correctly original nuke also detected these errors, but allowed execution to continue, with nuking the resources it could nuke. I believe the fork exits with the status code 1, which fails the entire run.

Is it possible to ignore errors such as mentioned above?

ekristen commented 6 months ago

@YuriGal thanks, on it.

ekristen commented 6 months ago

@YuriGal this is probably why the original nuke doesn't support global filters. How would you like this to behave? Simply warn that it doesn't support it? This could cause filters to be ignored completely. Especially ones defined globally is that acceptable?

ekristen commented 6 months ago

Actually I found the problem. You are right the original nuke just allowed it to continue and logged an warning. I will fix this regression and push an update.

YuriGal commented 6 months ago

Thanks!

ekristen commented 6 months ago

This should be fixed on the latest beta release https://github.com/ekristen/aws-nuke/releases/tag/v3.0.0-beta.19

ekristen commented 6 months ago

@YuriGal just calling direct attention here so you see it. Thanks for the testing and feedback.

YuriGal commented 6 months ago

Hi, sorry for the delay, just tried beta.19 - and it works! What's interesting, that list of log errors is much longer now, it shows errors it didn't show before. But it completes successfully.

ekristen commented 6 months ago

No worries on delay. Just wanted to make sure you saw the update. Again appreciate the feedback.

There were errors not previously logged or hidden in the past. I rewrote then underlying library and improved logging across the board.

Feel free to share your output sanitized or you can email me direct at erik@ekristen.dev

I can review to see if there's room to improve or if there's specific things you are seeing that look off please let me know.

ekristen commented 2 months ago

:tada: This issue has been resolved in version 3.0.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: