search

rebuy-de / aws-nuke

Nuke a whole AWS account and delete all its resources.
https://github.com/ekristen/aws-nuke
MIT License
5.75k stars 721 forks source link

after writing a script there are some issues #824

Closed mdemarco1234 closed 5 days ago

mdemarco1234 commented 2 years ago

Issue 1.

This one does not delete and you can see the script and the actual string that your program interprets the resource identifier to Be. Why does it not delete the Below?

problem does not delete

had SecurityHub - [Arn: "arn:aws:securityhub:us-east-2:784948981822:hub/default"]

securityhub1: filters: SecurityHub:

Issue 2

Both keys are not found. Why are they not in the applications of resources for Deletion?

Key not found

snssubscription:

filters:

SNSSubscription:

- type: "regex"

value: Owner: 784948981822 ARN: arn:aws:sns:eu-west-1:[[:digit:]]{12}:aws-controltower-SecurityNotifications:7414efbb-b88e-4d2e-8242-ee777646d09d # need regex for guid

Key not found

snstopic:

SNSTopic:

- type: "regex"

value: "TopicARN: arn:aws:sns:us-east-2:[[:digit:]]{12}:aws-controltower-SecurityNotifications"

Item 3 - On the Below I don't like the identifiers that I have to delete on because they have no name and what if we tear down our terraform stack and we have to rebuild it and those id's are different? Don't want to rebuild this script each time

GuardDutyDetector:

der-eismann commented 2 years ago

Hello @mdemarco1234,

first of all I have to say that I really have trouble understanding your problems because of the way you formatted your questions. Maybe you can start using code tags (```) in the future so program output and config contents are readable. It would also help to understand if you post some logs.

Issue 1) You need to apply the filter to the Arn property of the Security Hub, like this:

SecurityHub:
  - type: "regex"
    property: Arn
    value: "arn:aws:securityhub:us-east-2:[[:digit:]]{12}:hub/default"

Issue 2) Both SNSTopic and SNSSubscription are supported. Without your config I can't really help here.

Issue 3) Why don't you use a regex for that? We don't use GuardDuty, so I don't know much about it, but it looks like you can only have one per account/region. So either keep all or delete them all, not sure what you want to achieve.

Hope this helps!

mdemarco1234 commented 2 years ago

Hello,

Thanks for the response . Below is the config file some of this needs to be refactored and would like to get your take on the file and what else you think needs to be corrected.  need a regex for the guids in the file as well as a regex the guard. 

---

regions:

presets: sso: filters: IAMSAMLProvider:

ekristen commented 5 days ago

Please test the fork https://github.com/ekristen/aws-nuke, if this is still a problem, please open an issue there. Please be sure to use codefences and proper formatting of your configs and content to make help easier. Thank you.

Please see the copy of the notice from the README about the deprecation of this project. Sven was kind enough to grant me access to help triage and close issues and pull requests that have already been addressed in the actively maintained fork. Some additional information is located in the welcome issue for more information.

[!CAUTION] This repository for aws-nuke is no longer being actively maintained. We recommend users to switch to the actively maintained fork of this project at ekristen/aws-nuke. We appreciate all the support and contributions we've received throughout the life of this project. We believe that the fork will continue to provide the functionality and support that you have come to expect from aws-nuke. Please note that this deprecation means we will not be addressing issues, accepting pull requests, or making future releases from this repository. Thank you for your understanding and support.