Automated AWS account clean-up with aws-nuke and Azure DevOps.
Older versions of aws-nuke did not support filtering IAM resource types by their tags.
Use a glob filter to match multiple resources that follow a naming pattern:

    filters:
      IAMGroup:
      - type: glob
        value: "Automated*"
By default, aws-nuke will also destroy the network resources of the default VPC.
To avoid this, exclude the VPC resource types from destruction:
- EC2VPC
- EC2Subnet
- EC2InternetGatewayAttachment
- EC2NetworkACL
- EC2RouteTable
- EC2DHCPOption
- EC2InternetGateway
aws-nuke treats data resources as separate from the containing resource. For S3, this means that you must have separate rules for S3 buckets and the objects in the buckets.
The S3 types are:
- S3Bucket
- S3MultipartUpload
- S3Object
For normal use, exclude S3Object. This issue explains that aws-nuke runs slowly and uses a large amount of resources if it has to process thousands of objects in S3 buckets.
Similarly, there are separate types for DynamoDB records and tables:
- DynamoDBTable
- DynamoDBTableItem
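As an added example (not the page's own configuration), the following aws-nuke config pulls the points above together: the glob filter for IAM groups, the default VPC resource types excluded, and S3Object and DynamoDBTableItem excluded so that the run does not enumerate bucket objects or table items. The account IDs, region, and role name are placeholders.

```yaml
# Added example, not from the original page. Account IDs, the region list
# and the role name are placeholders for illustration.
regions:
- eu-west-1
- global            # required for IAM and other global resources

# Accounts that must never be touched; aws-nuke refuses to run against them.
account-blocklist:
- "111111111111"    # placeholder: production account

accounts:
  "222222222222":   # placeholder: the sandbox account the pipeline cleans
    filters:
      # Keep every IAM group whose name starts with "Automated".
      IAMGroup:
      - type: glob
        value: "Automated*"
      # Keep the identity the clean-up job runs as, so a run cannot
      # remove its own access part-way through.
      IAMRole:
      - type: exact
        value: "azure-devops-nuke-role"   # placeholder name

resource-types:
  excludes:
  # Default VPC network resources, left in place.
  - EC2VPC
  - EC2Subnet
  - EC2InternetGatewayAttachment
  - EC2NetworkACL
  - EC2RouteTable
  - EC2DHCPOption
  - EC2InternetGateway
  # Data resources that are slow to enumerate in bulk. The S3Bucket and
  # DynamoDBTable rules still remove the containing resources.
  - S3Object
  - DynamoDBTableItem
```

Run aws-nuke in its default dry-run mode against this config first and review the listed resources before adding `--no-dry-run`.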