The aws-nuke-exporter from oijkn

aws-nuke-exporter doesn't report lines lacking ID or complete Details

The sample_output folder demonstrates this for two of the three cases:

Missing Details - line in text output with only three - is omitted:

aws-nuke only prints details when it is possible to filter based on properties. Not all resource types support this.

% grep AppStreamImage sample_output/sample_nuke_output.txt 
xxx-xxx-xxx - AppStreamImage - xxx-xxx-xxx - cannot delete public AWS images
% grep -l AppStreamImage sample_output/*
sample_output/sample_nuke_output.txt
%

Incomplete Detail - line in text output missing closing ] is omitted (scroll right to see <<OutputTruncated>>):

Apparently, sometimes the Details data gets too long and is truncated? I haven't seen this, but it is in your samples.

% grep terraform sample_output/sample_nuke_output.txt 
global - IAMRolePolicy - xxx-xxx-xxx -> terraform-2023111309155894560000000c - [PolicyName: "terraform-2023111309155894560000000c", role:CreateDate:<<OutputTruncated>>
% grep -l terraform sample_output/*
sample_output/sample_nuke_output.txt
%

Detail present but missing ID

Some resource types don't have an ID that can be used for filtering, and aws-nuke can only filter with properties. For these, aws-nuke doesn't print an ID, but just skips ahead to Details.

us-east-1 - ECSTask - [ClusterARN: "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:cluster/zzz", TaskARN: "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:task/xxxxxx178008dbb84d49e7b7ade6ff37dccba5"] - would remove

The above cases should be sufficient for test purposes, but I can provide some more (obfuscated) examples.

An entry of particular interest is the one for the resource type NetpuneSnapshot (sic). I don't know if this is an aws-nuke error or a bug in the boto code, or in the AWS API itself, nor whether you can use that type for filters (and if you can, whether the filter works correctly). This would bear further investigation, but I dont have time right now.

us-east-1 - NetpuneSnapshot - rds:aurora-cluster-demo-2024-03-xx-xx-xx - would remove

Here is a more extensive list

us-east-1 - ECSCluster - arn:aws:ecs:us-east-1:xxxxxxxxxxxxx:cluster/xxxx-xxxxx - would remove
us-east-1 - SFNStateMachine - arn:aws:states:us-east-1:xxxxxxxxxxxxx:stateMachine:SimpleAsyncWorkflow462ECA3D-WfikQto27RjB - would remove
us-east-1 - CloudWatchEventsTarget - Rule: AWSControlTowerManagedRule Target ID: ControlTower-ManagedRuleTarget - filtered by config
us-east-1 - CloudWatchEventsTarget - Rule: AutoScalingManagedRule Target ID: autoscaling - would remove
us-east-1 - GlueDatabase - default - would remove
us-east-1 - CognitoUserPoolDomain - CognitoPool -> dns-name-7im7l1ccahjb9df9dmhvntu - would remove
us-east-1 - ResourceGroupGroup - AppManager-CFN-CDKToolkit - would remove
us-east-1 - ResourceGroupGroup - AppManager-CFN-StackSet-AWS-QuickSetup-SSMHostMgmt-LA-83a0h-a6a85309-14a4-4945-8c8c-a4dbc6a19e57 - would remove
us-east-1 - SageMakerNotebookInstance - BasicNotebookInstance-nTWO30HDG - would remove
us-east-1 - ConfigServiceConfigurationRecorder - aws-controltower-BaselineConfigRecorder - filtered by config
us-east-1 - SSMDocument - AWSQuickSetup-CreateAndAttachIAMToInstance-80h - would remove
us-east-1 - AppStreamImage - AppStream-Graphics-Design-WinServer2019-01-26-2024 - cannot delete public AWS images
us-east-1 - AWSBackupVaultAccessPolicy - aws/efs/automatic-backup-vault - would remove
us-east-1 - GlueCrawler - mac-training-crawler - would remove
us-east-1 - ECSTaskDefinition - arn:aws:ecs:us-east-1:xxxxxxxxxxxxx:task-definition/ecs-cloud-xxx-agent:1 - would remove
us-east-1 - ECSTaskDefinition - arn:aws:ecs:us-east-1:xxxxxxxxxxxxx:task-definition/ecs-cloud-linux-ec2:1 - would remove
us-east-1 - ECSTaskDefinition - arn:aws:ecs:us-east-1:xxxxxxxxxxxxx:task-definition/ecs-cloud-linux-fargate:1 - would remove
us-east-1 - GlueJob - mac-training-etl-job - would remove
us-east-1 - NeptuneInstance - tf-202308xxxxxxx32000000003 - would remove
us-east-1 - SQSQueue - https://sqs.us-east-1.amazonaws.com/xxxxxxxxxxxx/xxxx-test-q - would remove
us-east-1 - MediaConvertQueue - Default - cannot delete default queue
us-east-1 - SSMAssociation - 09xxxxe8-xxxx-xxxx-90c0-fe95xxxx08e9 - would remove
us-east-1 - AppConfigDeploymentStrategy - [ID: "AppConfig.AllAtOnce", Name: "AppConfig.AllAtOnce"] - cannot delete predefined Deployment Strategy
us-east-1 - CognitoUserPool - CognitoPool - would remove
us-east-1 - ServiceDiscoveryService - srv-npyxxxx5yuekl3 - would remove
us-east-1 - SageMakerNotebookInstanceState - BasicNotebookInstance-nTWO3ElT0HDG - would remove
us-east-1 - CloudWatchEventsRule - Rule: AWSControlTowerManagedRule - filtered by config
us-east-1 - CloudWatchEventsRule - Rule: AutoScalingManagedRule - would remove
us-east-1 - GlueTrigger - start - would remove
us-east-1 - ECSService - arn:aws:ecs:us-east-1:xxxxxxxxxxxx:service/jmaster -> arn:aws:ecs:us-east-1:xxxxxxxxxxxxx:cluster/zzz - would remove
us-east-1 - ECSTask - [ClusterARN: "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:cluster/zzz", TaskARN: "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:task/xxxxxx178008dbb84d49e7b7ade6ff37dccba5"] - would remove
us-east-1 - ServiceDiscoveryNamespace - ns-gxd7viamvwu - would remove
us-east-1 - NetpuneSnapshot - rds:aurora-cluster-demo-2024-03-xx-xx-xx - would remove
us-east-1 - ConfigServiceDeliveryChannel - aws-controltower-BaselineConfigDeliveryChannel - filtered by config
us-east-1 - SNSSubscription - Owner: xxxxxxxxxxxxx ARN: arn:aws:sns:us-east-1:xxxxxxxxxxxxx:aws-controltower-SecurityNotifications:991f621a-39f5-4294-9d3e-76da1a4e1845 - filtered by config
us-east-1 - SNSSubscription - Owner: xxxxxxxxxxxxx ARN: arn:aws:sns:us-east-1:275279264324:mac-re-AwsHealthNotification-LogError-Topic:0cxxxx56-404a-488a-9574-b9xxxx57cc49 - would remove
us-east-1 - SNSSubscription - Owner: xxxxxxxxxxxxx ARN: arn:aws:sns:us-east-1:275279264324:SimpleAsyncWorkflow-TextractAsyncTextractAsyncSNSBB89DC08-Cqgsu9I4Lu6l:111d6e8e-c74d-4e70-8302-c32ba2a734a1 - would remove
us-east-1 - NeptuneCluster - aurora-cluster-demo - would remove
us-east-1 - ServiceDiscoveryInstance - 178008dbb84d49e7b7ade6ff37dccba5 -> srv-npytkwz265yuekl3 - would remove
us-east-1 - LifecycleHook - Launch-LC-Hook - would remove
us-east-1 - LifecycleHook - Terminate-LC-Hook - would remove
us-east-1 - LifecycleHook - Launch-LC-Hook - would remove
us-east-1 - LifecycleHook - Terminate-LC-Hook - would remove
us-east-1 - OpsWorksUserProfile - arn:aws:sts::xxxxxxxxxxxxx:assumed-role/AWSReservedSSO_zzzzzzz/[email protected] - Cannot delete OpsWorksUserProfile of calling User
us-east-2 - ECSCluster - arn:aws:ecs:us-east-2:xxxxxxxxxxxxx:cluster/django_test - would remove
us-east-2 - CloudWatchEventsTarget - Rule: AWSControlTowerManagedRule Target ID: ControlTower-ManagedRuleTarget - filtered by config
us-east-2 - CloudWatchEventsTarget - Rule: aws-controltower-ConfigComplianceChangeEventRule Target ID: Compliance-Change-Topic - filtered by config
us-east-2 - CloudWatchEventsTarget - Rule: security-notify Target ID: Id5f453d2f-d5af-4c16-adbc-2dxxxff008 - would remove
us-east-2 - CognitoUserPoolDomain - xxxx0285_userpool_3bc85-dev -> xxxxx0285-3bc85-dev - would remove
us-east-2 - ConfigServiceConfigurationRecorder - aws-controltower-BaselineConfigRecorder - filtered by config
us-east-2 - AppStreamImage - AppStream-Graphics-Design-WinServer2019-01-26-2024 - cannot delete public AWS images
global - IAMSAMLProvider - arn:aws:iam::xxxxxxxxxxxxx:saml-provider/AWSSSO_e5xxxxxdec00ecbc_DO_NOT_DELETE - filtered by config

oijkn / aws-nuke-exporter Goto Github PK

aws-nuke-exporter's Introduction

Hey, I am Oijkn! Great to see you here!

⚡ Tech Stack

🚀 Languages

💻 Libraries & Framework

⚙️ Tools & Platform

📈 Stats

🔢Profile views counter

aws-nuke-exporter's People

Contributors

Stargazers

Watchers

Forkers

aws-nuke-exporter's Issues

aws-nuke-exporter doesn't report lines lacking ID or complete Details

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent