Open dguido opened 8 years ago
According to your suggestion, there is only a function to shut down a VM, but not to destroy it. As far as I know, DigitalOcean continues to charge money even when a VM is down. So, there is no way to destroy a VM without a query to the API. But requests to the API from a VM are too insecure.
Darn, yes, you are right. This might work on other providers but it does not work on DigitalOcean.
This can be integrated easily on providers such as EC2, as instances can be set to terminate on shutdown during creation.
We could add a shell script to cron with the user's DigitalOcean token embedded and have it curl out the appropriate call to the API to terminate the instance... but that requires storing an API key in the cloud :-(
For reasons why tearing down your infrastructure on a regular basis is important, see also "ShadowBrokers."
If Docker Machine is used to provision the server, you can easily automate stopping/removing it from your laptop or desktop. The only thing with this is you'll have Docker installed on it, though I don't think that's much of a drawback.
If deployed to AWS, this could be done with (a) a Lambda scheduled cron and (b) cloudformation delete-stack.
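An added example, not part of the thread or the project's code: a TTL check that can run from cron on an EC2 instance created with terminate-on-shutdown, so the server destroys itself with a plain poweroff and no cloud API token is stored on it. The stamp file path, variable names and the `--run` argument are assumptions made for this sketch; the 30-day default follows the one-month period proposed in the issue.

```shell
#!/bin/sh
# Assumes the instance was launched with terminate-on-shutdown, e.g.
#   aws ec2 run-instances --instance-initiated-shutdown-behavior terminate ...
# so powering off inside the VM terminates it without any API call.

STAMP_FILE="${STAMP_FILE:-/var/lib/vpn-ttl/created}"  # hypothetical path
TTL_DAYS="${TTL_DAYS:-30}"                            # lifetime in days
POWEROFF_CMD="${POWEROFF_CMD:-shutdown -h now}"       # overridable for dry runs

# is_uint VALUE -> exit 0 only for a non-empty string of digits
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# is_expired CREATED_EPOCH NOW_EPOCH TTL_DAYS
# exit 0 = TTL reached, 1 = still within TTL, 2 = malformed input
is_expired() {
    is_uint "$1" && is_uint "$2" && is_uint "$3" || return 2
    [ $(( $2 - $1 )) -ge $(( $3 * 86400 )) ]
}

# ttl_check: the first call records the creation time; later calls power the
# machine off once the TTL has passed. Prints "stamped", "alive" or "expired".
# A stamp file survives reboots, unlike a one-off "shutdown +minutes" timer.
ttl_check() {
    now=$(date +%s)
    if [ ! -s "$STAMP_FILE" ]; then
        mkdir -p "$(dirname "$STAMP_FILE")"
        echo "$now" > "$STAMP_FILE"
        echo stamped
        return 0
    fi
    created=$(cat "$STAMP_FILE")
    rc=0
    is_expired "$created" "$now" "$TTL_DAYS" || rc=$?
    case "$rc" in
        0) echo expired; $POWEROFF_CMD ;;
        1) echo alive ;;
        *) echo "bad stamp in $STAMP_FILE" >&2; return 2 ;;
    esac
}

# Run from root's crontab, e.g. hourly: /usr/local/sbin/vpn-ttl.sh --run
if [ "${1:-}" = "--run" ]; then ttl_check; fi
```

On a provider without terminate-on-shutdown the same check only stops the VM, which is the billing problem raised above for DigitalOcean.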
Most people will use this script to set up a VPN when they travel. When they return home they might stop using the VPN and forget that the VM still exists. This will cost them money. Let's have the VM self-destruct after a given time period by default. 1 month sounds like a good timeframe.
This has security benefits as well, since an attacker would need to set up infrastructure, services, maybe get a warrant, etc. to intercept traffic to/from your VPN server. Routinely rotating the infrastructure makes it much harder to "get a fix" on you.
Here's a great implementation of this idea: