Questions

[mdemarco1234]

Okay. I need a sample script where you log into an account and delete only certain resources from the account. also want to not delete an cloud formation scripts associated with the script, If you don't have a script then create an example where I delete the ec2 instances that are associated with the account I am logged into and running this Utility on

Below is the start of the config file i want to run but i have some questions. there is an assumption by a team member that you can log into an account and nuke all but exceptions which I see not proof of, what you have is a block list qualifier and which exempts that account from Being nuked and all other accounts get deleted if they are stated. can we login to an account and then have the deletions self referential or not. look at this link to see what he does which is what I think needs to be done to use your solution not the login to an account and Delete with exceptions. If this can be done can by logging into the account that is going to be deleted then would like an example. Also, want to exclude every account from any cloud formation deletions and below is some script for that. Is that correct and if not what is it

https://medium.com/airwalk/aws-nuke-without-destroying-sso-f73d9cce85fd

regions:

• "global" # This is for all global resource types e.g. IAM
• "us-east-2"
• "us-east-1"
• "us-west-2"
• "ap-southeast-2"
• "eu-west-1"

resource-types: excludes:

• CloudFormation

sso: filters: IAMSAMLProvider:

• type: "regex" value: "AWSSSO_.*_DO_NOT_DELETE" IAMRole:
• type: "glob"
  value: "AWSReservedSSO_*" IAMRolePolicyAttachment:
• type: "glob" value: "AWSReservedSSO_*"

cloudtrail: filters: CloudTrailTrail:

• aws-controltower-*
• aws-aft-*

lambda: aws-controltower-*

sns:

 aws-controltower-*

[bjoernhaeuser]

Hi @mdemarco1234,

I was reading your issue several times now and still do not understand what you are looking for. Would be great if you can rephrase your questions.

Thanks.

[mdemarco1234]

Hi,

I rephrased the question above. Did U have a chance to look at what was written?

[bjoernhaeuser]

Hi there,

still very unclear what your question is. If you run aws-nuke you need to provide some sort of credentials, the run then happens against the account which is connected by these credentials.

You can have the same config file for many accounts and then use presets to share the filters between different accounts. I recommend you to read the readme file again, from top to bottom. I think all these points are extensively covered there.

[mdemarco1234]

I dont think Ur correct. Documentation unclear about deleting from a logged in account. every example you give shows accounts. I want a script example that show how to delete resources where no account is Mentioned in the script. a simple request

From: Björn Häuser @.> Sent: Tuesday, June 21, 2022 11:01 AM To: rebuy-de/aws-nuke @.> Cc: mdemarco1234 @.>; Mention @.> Subject: Re: [rebuy-de/aws-nuke] Questions (Issue #816)

Hi there,

still very unclear what your question is. If you run aws-nuke you need to provide some sort of credentials, the run then happens against the account which is connected by these credentials.

You can have the same config file for many accounts and then use presets to share the filters between different accounts. I recommend you to read the readme file again, from top to bottom. I think all these points are extensively covered there.

— Reply to this email directly, view it on GitHubhttps://github.com/rebuy-de/aws-nuke/issues/816#issuecomment-1161870563, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAZZ2ODHKR3OAD5333VQEI3VQHKLZANCNFSM5ZJOVTFA. You are receiving this because you were mentioned.Message ID: @.***>

[bjoernhaeuser]

This use case is not supported by aws-nuke. If you need something like this you would either change the tool and/or dynamically generate the config file.

[mdemarco1234]

Sometimes it takes time to communicate your very much a literal person who needs to see to determine it so look below. if we login to an account lets say 8888 and then run the tool with the bottom config file will the following semantics be observed. the regions specified are the ones for which this would occur. cloud formation would be excluded from ever being deleted and cloud trail excludes those resources with the regex from being deleted and all the rest below following the regex and glob. Is this config file accurate. If not tell me what has to be done to make it right and it also appears your telling me that an account id has to be included in the script is that correct?

regions:

• "global" # This is for all global resource types e.g. IAM
• "us-east-2"
• "us-east-1"
• "us-west-2"
• "ap-southeast-2"
• "eu-west-1"

resource-types: excludes:

• CloudFormation filters: CloudTrail:
  • type: "regex" value: "aws-controltower-*
  • type: "regex"
    value: "aws-aft-*" IAMSAMLProvider:
  • type: "regex" value: "AWSSSO_.*_DO_NOT_DELETE" IAMRole:
  • type: "glob"
    value: "AWSReservedSSO_*" IAMRolePolicyAttachment:
  • type: "glob" value: "AWSReservedSSO_*" Lambda:
  • type: "regex"
    value: "aws-controltower-*" Sns:
  • type: "regex" value: aws-controltower-*

[DonDebonair]

@mdemarco1234 can I give you some tips?

• Act more respectful towards the maintainers of this tool. They're making this in their free time. You're using language like

a simple request

and

Sometimes it takes time to communicate your very much a literal person who needs to see to determine it so look below

which comes across as entitled and rude. Be nice!

• When you write something, go over it again before you hit the Comment or Submit button and fix things. Your comments are full of run-on sentences without proper use of capitalization and with bad formatting. For example, use backticks around your code blocks.

These tips alone will get you so much farther when you need help from people!