aws profiles not supported?

[ghost]

Hi, according to the documentation all "standard AWS CLI credential mechanisms" are supported by cloud-nuke. However, when I try to execute

cloud-nuke aws --profile my-profile-name

I get the following error: "flag provided but not defined: -profile"

Am I missing something?

[yorinasub17]

Hi Juan,

We support configuration via the config file (~/.aws/profile) or environment variables. For example, you can select the profile using the AWS_PROFILE env var:

AWS_PROFILE=my-profile-name cloud-nuke aws 

[saurabh-hirani]

This issue can be closed. I have also tried AWS profiles and they work. @yorinasub17

[sugandh-pasricha]

Hi @saurabh-hirani , I passed my profile as AWS_PROFILE=my-profile-name cloud-nuke aws

But even after that I'm getting the following error

ERRO[2019-11-08T11:47:23+05:30] *errors.errorString could not find any enabled regions /go/src/github.com/gruntwork-io/cloud-nuke/aws/aws.go:64 (0xad1568) /go/src/github.com/gruntwork-io/cloud-nuke/aws/aws.go:77 (0xad15d4) /go/src/github.com/gruntwork-io/cloud-nuke/commands/cli.go:112 (0xae646f) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/gruntwork-io/gruntwork-cli/errors/errors.go:93 (0x9eb35b) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/app.go:490 (0x9da032) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/command.go:210 (0x9db3a5) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/app.go:255 (0x9d8198) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/gruntwork-io/gruntwork-cli/entrypoint/entrypoint.go:21 (0xae8317) /go/src/github.com/gruntwork-io/cloud-nuke/main.go:13 (0xae85a7) /usr/local/go/src/runtime/proc.go:195 (0x42bca6) /usr/local/go/src/runtime/asm_amd64.s:2337 (0x458971) error="could not find any enabled regions"

Can this be access issue ? Is Admin Access required to run this tool ?

[saurabh-hirani]

cloud-nuke uses the AWS API which works with environment variables. So if the aws command line tool is working - cloud-nuke should also work.

The error says

ERRO[2019-11-08T11:47:23+05:30] *errors.errorString could not find any enabled regions

which is present at https://github.com/gruntwork-io/cloud-nuke/blob/master/aws/aws.go#L64

That function is trying to do a AWS describe-regions call - that is used to find out which regions are enabled for which AWS service. Can you check and confirm if you see any output when you do aws ec2 describe-regions command line call?

[saurabh-hirani]

Also please confirm if you have the profile set as my-profile-name in your corresponding AWS config file depending on your OS. The assumption is that aws cli is working fine.

[sugandh-pasricha]

@saurabh-hirani using the command aws ec2 describe-regions gives me the following output

{ "Regions": [ { "OptInStatus": "opt-in-not-required", "Endpoint": "ec2.eu-north-1.amazonaws.com", "RegionName": "eu-north-1" }, { "OptInStatus": "opt-in-not-required", "Endpoint": "ec2.ap-south-1.amazonaws.com", "RegionName": "ap-south-1" }, ....... ] } for all regions. I had a different profile name "testuser" and I had used that profile-name(testuser) in my AWSCLI AWS_PROFILE=test-user cloud-nuke aws

I am able to access the services through awscli. I have taken access to only ap-northeast-1 region for testing. Do we need Admin Access to use cloud nuke ?

[sugandh-pasricha]

These are the steps I've followed :

aws configure --profile testuser

export AWS_PROFILE=testuser

AWS_PROFILE=test-user cloud-nuke aws

After which I received "ERRO[2019-11-08T11:47:23+05:30] *errors.errorString could not find any enabled regions "

[saurabh-hirani]

Assuming that you meant AWS_PROFILE=testuser instead of AWS_PROFILE=test-user because you ran aws configure --profile testuser

I think there is a bug in how the region is being chosen and your specific use case triggered it.

As you mentioned that you have enabled only ap-northeast-1 - can you try the following command:

AWS_PROFILE=test-user cloud-nuke aws --region ap-northeast-1

You should see a list of resources to nuke and a prompt for the same

Are you sure you want to nuke all listed resources? Enter 'nuke' to confirm (or exit with ^C): 

As you are just testing press ctrl-c to exit as per the instructions in https://github.com/gruntwork-io/cloud-nuke

Once that is done try again with another region that you don't have access to. For example

AWS_PROFILE=test-user cloud-nuke aws --region eu-north-1

and update this thread with the output of the above command.

Please note that a successful run of the command lists the resources - please don't paste the resource names or IDs as they are private to your account.

[sugandh-pasricha]

hi @saurabh-hirani , After running the below command, I am getting same error AWS_PROFILE=testuser cloud-nuke aws --region ap-northeast-1

ERRO[2019-11-08T15:35:13+05:30] *errors.errorString could not find any enabled regions /go/src/github.com/gruntwork-io/cloud-nuke/aws/aws.go:64 (0xad1568) /go/src/github.com/gruntwork-io/cloud-nuke/aws/aws.go:77 (0xad15d4) /go/src/github.com/gruntwork-io/cloud-nuke/commands/cli.go:112 (0xae646f) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/gruntwork-io/gruntwork-cli/errors/errors.go:93 (0x9eb35b) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/app.go:490 (0x9da032) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/command.go:210 (0x9db3a5) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/app.go:255 (0x9d8198) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/gruntwork-io/gruntwork-cli/entrypoint/entrypoint.go:21 (0xae8317) /go/src/github.com/gruntwork-io/cloud-nuke/main.go:13 (0xae85a7) /usr/local/go/src/runtime/proc.go:195 (0x42bca6) /usr/local/go/src/runtime/asm_amd64.s:2337 (0x458971) error="could not find any enabled regions"

Is there any other method to configure aws credentials with cloud-nuke ?

[saurabh-hirani]

@sugandh-pasricha this is not tied to credentials.

The problem is that while the tool is looping to check each region it is silently ignoring the error. I have created a fork of the main repo and added a debugging statement.

If you have golang installed - can you try out the following dump the output

Edit: Updated the following instructions:

go get github.com/saurabh-hirani/cloud-nuke
cd $GOPATH/github.com/saurabh-hirani/cloud-nuke
git checkout check-issue-49
go build
./cloud-nuke aws

---

@brikis98 @autero1 - I think that because cloud-nuke does not use region from env var as described here - https://github.com/gruntwork-io/cloud-nuke/blob/master/aws/aws.go#L71 it tries to cycle through a list of regions through https://github.com/gruntwork-io/cloud-nuke/blob/master/aws/aws.go#L54 but it uses rand to select random regions, and it might be possible that it is cycling through the loop, choosing random regions but not selecting ap-northeast-1 which is the case. And it is silently ignoring the error - https://github.com/gruntwork-io/cloud-nuke/blob/master/aws/aws.go#L60

I have added debug statements to check the error - https://github.com/saurabh-hirani/cloud-nuke/commit/a36060e21489a1c2bc33191d4dfa70199a647776

In my case, if I chose a region that I don't have access to I get the following

test: checking region - ap-south-1
test: got error - UnauthorizedOperation: You are not authorized to perform this operation.
        status code: 403, request id: xxxx-xxx-xx-xx-xx

Just the generic statement could not find any enabled regions described here - https://github.com/gruntwork-io/cloud-nuke/blob/master/aws/aws.go#L64 does not help the end user debug the issue.

I think in @sugandh-pasricha ap-northeast-1 is not getting chosen. I may be wrong. But I think if the aws command line works for a specific region so should cloud-nuke

[saurabh-hirani]

@sugandh-pasricha it would help if you could help us replicate this error with debug statements by following the instructions in the above comment. Even if it is a code issue - we won't be able to gain insight because it is tied to your specific AWS access. You can use https://golang.org/doc/install to install golang.

[sugandh-pasricha]

hi @saurabh-hirani I had setup golang on my vm and tried to follow the commands provided by you. While running go build I got the following

github.com/gruntwork-io/cloud-nuke/commands

../../gruntwork-io/cloud-nuke/commands/cli.go:22:5: app.Author undefined (type cli.App has no field or method Author) ../../gruntwork-io/cloud-nuke/commands/cli.go:25:15: cannot use []cli.Command literal (type []cli.Command) as type []cli.Command in assignment ../../gruntwork-io/cloud-nuke/commands/cli.go:31:24: cannot use cli.StringSliceFlag literal (type cli.StringSliceFlag) as type cli.Flag in array or slice literal: cli.StringSliceFlag does not implement cli.Flag (Apply method has pointer receiver) ../../gruntwork-io/cloud-nuke/commands/cli.go:35:24: cannot use cli.StringSliceFlag literal (type cli.StringSliceFlag) as type cli.Flag in array or slice literal: cli.StringSliceFlag does not implement cli.Flag (Apply method has pointer receiver) ../../gruntwork-io/cloud-nuke/commands/cli.go:39:24: cannot use cli.StringSliceFlag literal (type cli.StringSliceFlag) as type cli.Flag in array or slice literal: cli.StringSliceFlag does not implement cli.Flag (Apply method has pointer receiver) ../../gruntwork-io/cloud-nuke/commands/cli.go:43:17: cannot use cli.BoolFlag literal (type cli.BoolFlag) as type cli.Flag in array or slice literal: cli.BoolFlag does not implement cli.Flag (Apply method has pointer receiver) ../../gruntwork-io/cloud-nuke/commands/cli.go:47:19: cannot use cli.StringFlag literal (type cli.StringFlag) as type cli.Flag in array or slice literal: cli.StringFlag does not implement cli.Flag (Apply method has pointer receiver) ../../gruntwork-io/cloud-nuke/commands/cli.go:52:17: cannot use cli.BoolFlag literal (type cli.BoolFlag) as type cli.Flag in array or slice literal: cli.BoolFlag does not implement cli.Flag (Apply method has pointer receiver) ../../gruntwork-io/cloud-nuke/commands/cli.go:62:17: cannot use cli.BoolFlag literal (type cli.BoolFlag) as type cli.Flag in array or slice literal: cli.BoolFlag does not implement cli.Flag (Apply method has pointer receiver)

Please have a look.

[saurabh-hirani]

@sugandh-pasricha - this issue discussion is going in a different direction. The problem in the tool not being built might be related to your golang setup and is not tied to this issue. It will be counter productive to discuss it in this thread. As I myself am contributing to this project in my free time, if you need help trying to build the tool and as that is a pre-requisite to getting the debugged output, I can help you through a 1:1 discussion - you can ping me on the gophers slack channel - https://invite.slack.golangbridge.org/ - I go by the same handle as my name.

[saurabh-hirani]

Worked with @sugandh-pasricha - found that the above error she was getting isn't related to her local setup but it is tied to this issue in cloud-nuke https://github.com/gruntwork-io/cloud-nuke/issues/77

She could use the saurabh-hirani@a36060e with debugging statements and was able to run the tool with the following command:

go run main.go aws  --region ap-northeast-1 --resource-type ec2

and got the following output

test: checking region - ap-south-1
test: got error - UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: c121548b-3057-46a2-8ec3-5a924ca90416
test: checking region - us-west-2
test: got error - UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: b51e3001-7297-4d6a-bc33-d962fe0eac9b
test: checking region - sa-east-1
test: got error - UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: 9eebb392-b056-438c-8f4a-445e6fbd564c
test: checking region - eu-central-1
test: got error - UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: 418d0d44-a894-492c-8094-6d4fc8220cda
test: checking region - ap-south-1
test: got error - UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: 01013284-2a19-45de-8f8a-f1df5194d2ca
test: checking region - ap-northeast-1

followed by a list of EC2 resources to delete as she has access to ap-northeast-1

But surprisingly, when working with the cloud-nuke Linux binary - she got the error as described above:

/go/src/github.com/gruntwork-io/cloud-nuke/aws/aws.go:64 (0xad1568)
/go/src/github.com/gruntwork-io/cloud-nuke/aws/aws.go:77 (0xad15d4)
/go/src/github.com/gruntwork-io/cloud-nuke/commands/cli.go:112 (0xae646f)
/go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/gruntwork-io/gruntwork-cli/errors/errors.go:93 (0x9eb35b)
/go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/app.go:490 (0x9da032)
/go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/command.go:210 (0x9db3a5)
/go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/app.go:255 (0x9d8198)
/go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/gruntwork-io/gruntwork-cli/entrypoint/entrypoint.go:21 (0xae8317)
/go/src/github.com/gruntwork-io/cloud-nuke/main.go:13 (0xae85a7)
/usr/local/go/src/runtime/proc.go:195 (0x42bca6)
/usr/local/go/src/runtime/asm_amd64.s:2337 (0x458971)
 error="could not find any enabled regions"

We couldn't progress beyond that and currently the workaround for her is to run go run main.go... - I don't see a reason why the binary and the main repo should be out of sync. Post the latest release https://github.com/gruntwork-io/cloud-nuke/releases/tag/v0.1.11 there have been just typo fix commits. I couldn't debug why this is the case.

@sugandh-pasricha - Can you try building the go binary using go build and report if your locally built binary works for you and the downloaded one doesn't?

@autero1 @brikis98

[sugandh-pasricha]

hi @saurabh-hirani , So I tried building it locally using the repo and it worked for me. go main.go aws --region ap-northeast-1 --resource-type ec2 I got the following output :

INFO[2019-11-09T21:47:46+05:30] Retrieving active AWS resources in [ap-northeast-1] INFO[2019-11-09T21:47:46+05:30] Checking region [1/1]: ap-northeast-1
INFO[2019-11-09T21:47:48+05:30] The following AWS resources are going to be nuked:
INFO[2019-11-09T21:47:48+05:30] * ec2-i-
INFO[2019-11-09T21:47:48+05:30] ec2-i-

THE NEXT STEPS ARE DESTRUCTIVE AND COMPLETELY IRREVERSIBLE, PROCEED WITH CAUTION!!!

Are you sure you want to nuke all listed resources? Enter 'nuke' to confirm (or exit with ^C):

But when I tried to use the binary I got the error mentioned in previous comments: cloud-nuke aws --region ap-northeast-1 --resource-type ec2

ERRO[2019-11-09T21:46:27+05:30] *errors.errorString could not find any enabled regions /go/src/github.com/gruntwork-io/cloud-nuke/aws/aws.go:64 (0xad1568) /go/src/github.com/gruntwork-io/cloud-nuke/aws/aws.go:77 (0xad15d4) /go/src/github.com/gruntwork-io/cloud-nuke/commands/cli.go:112 (0xae646f) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/gruntwork-io/gruntwork-cli/errors/errors.go:93 (0x9eb35b) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/app.go:490 (0x9da032) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/command.go:210 (0x9db3a5) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/app.go:255 (0x9d8198) /go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/gruntwork-io/gruntwork-cli/entrypoint/entrypoint.go:21 (0xae8317) /go/src/github.com/gruntwork-io/cloud-nuke/main.go:13 (0xae85a7) /usr/local/go/src/runtime/proc.go:195 (0x42bca6) /usr/local/go/src/runtime/asm_amd64.s:2337 (0x458971) error="could not find any enabled regions"

[sugandh-pasricha]

@saurabh-hirani thanks a lot for your support ! I am able to use cloud-nuke now through repo.

[breml]

Just as a hint, it might be necessary to set AWS_SDK_LOAD_CONFIG and AWS_PROFILE (see as well https://github.com/gruntwork-io/cloud-nuke/issues/89#issuecomment-707676597).

[marinalimeira]

It seems that the original issue has been resolved. If you are still facing it, feel free to reopen it.