In this blog, we'll walk through how to install and use aws-nuke to keep your AWS accounts tidy.

🔍 Finding the Right Version of AWS-Nuke

aws-nuke is a command-line tool that helps you automatically delete AWS resources. It's perfect for cleaning up development, staging environments, or handling multiple AWS accounts. 💼

But wait—there are two versions of aws-nuke you’ll likely come across:

1. The original version by rebuy-de, which is now deprecated (⛔).

2. The actively maintained version by ekristen, which is the one we'll be using in this guide (✅). You can check it out here.

We’ll focus on the latest version, which is free to use under the MIT license, and the documentation can be found here.

🔧 Installing AWS-Nuke

There are two main ways to install aws-nuke. Let’s dive in! 🌊

Option 1: Install from Released Binaries

The recommended way is to grab the released binaries from GitHub.

1. Head over to the GitHub releases page.

2. Download the binary for your OS (Linux, macOS, or Windows).

3. Add the binary to your $PATH, so you can run it from anywhere.

Option 2: Install via Homebrew (Mac Users 🍎)

If you’re on a Mac, Homebrew makes this super easy. Just run:

brew install ekristen/tap/aws-nuke

⚠️ Heads up! Make sure you use the correct tap (ekristen/tap/aws-nuke). If you accidentally install with just brew install aws-nuke, you might end up with the older, deprecated version.

🚀 Getting Started with AWS-Nuke

Alright, you’ve got it installed—now let’s use it! 😎

Step 1: AWS Credentials 🔑

Before running anything, make sure your AWS credentials are set up properly. You can configure these either through environment variables or the ~/.aws/credentials file. You will need ‘Administrator’ permission on the account where you want to run the clean-up.

Step 2: Create a Config File 🛠️

Next, create a configuration file (typically named config.yml) to specify which AWS accounts and regions you want to clean up, and any specific resources you want to keep.

Here’s a simple example:

regions:     # Specify the regions to target for clean-up.
  - "global" # This is for all global resource types e.g. IAM
  - "us-east-1"
  - "us-west-2"

blocklist:   # Specify which accounts should not be touched (Stage/Prod etc.)
  - "111122223333" # Keep this account safe from nuking

accounts:    # Specify which accounts to target for clean-up.
  "123456789012": # Nuke this account
    filters: # Specify Filter to use for choosing resources to clean-up
      IAMSAMLProvider: 
        - type: "regex"   # You can use regex
          value: "AWSSSO_.*_DO_NOT_DELETE"
      IAMRole:
        - type: "glob"
          value: "AWSReservedSSO_*"
      IAMRolePolicyAttachment:
        - type: "glob"
          value: "AWSReservedSSO_*"
      IAMUser:            # You can specify direct match
        - "aws-nuke-access"
      IAMUserPolicyAttachment:
        - "aws-nuke-access -> AdministratorAccess"
      IAMUserAccessKey:
        - "aws-nuke-access -> ABCDEFGHFR2HABCDEFGH"
      EC2KeyPair:
        - "my-keypair"

This configuration will focus on the specified regions and ensure the aws-nuke-access IAM user, its policies, SSO roles, and my-keypair EC2 key pair are not deleted. etc.

There is a bit more elaborate starter configuration documented here.

Step 3: Basic Commands 📝

Once you have the configuration file let’s try some basic commands

aws-nuke --help
aws-nuke explain-account --help
aws-nuke explain-account -c config.yml
aws-nuke explain-config -c config.yml

The above is pretty self-explanatory. we are just trying to get help text and basic information of account and config based on the config file we have created.

Step 4: Dry Run First 🚧

💡 Pro tip: Always do a dry run first to see what resources will be deleted—just in case!

aws-nuke run -c config.yml --profile <aws-profile>

If everything looks good, you can add the --no-dry-run flag and proceed to the real thing!

Step 5: Nuke Time! 💣

When you're ready to clean up your AWS account, simply run:

aws-nuke run -c  config.yml --profile <aws-profile> --no-dry-run

aws-nuke will take it from here, and start cleaning up the resources listed in your config file. Depending on how many resources you have, this could take some time ⏳—so grab a coffee! ☕

🚨 Safety First: Tips to Stay on the Safe Side

As powerful as aws-nuke is, it's important to use it carefully. Here are a few tips:

• ✅ Always run a dry run before actually deleting anything.

• 📝 Double-check your configuration file to avoid accidentally nuking important resources.

• 📦 Backup critical data (e.g., S3 buckets, EC2 volumes) if needed, especially when running aws-nuke in production environments.

😬 Known Pitfalls and Things to Watch Out For

While aws-nuke is an amazing tool, it’s not without a few quirks. Here are some common pitfalls to watch out for:

1. Some Resources May Fail to Delete ⚠️

Certain AWS resources may fail to delete on the first attempt due to things like resource locks, dependencies, or other constraints. If you encounter issues, rerun the utility to ensure everything gets cleaned up properly. Sometimes, a second or even third pass may be necessary to clear everything out.

2. Long Execution Times for S3 Buckets with Large Object Counts 🕒

If you have S3 buckets with a large number of objects, aws-nuke might take a long time to delete all the contents. In these cases, it can be faster to delete the bucket directly from the AWS Console.

🏁 Wrapping Up

And there you have it! aws-nuke is a great way to automate resource cleanup across your AWS accounts, saving you time and preventing unwanted costs. By following these steps, you’ll be able to easily install and use the tool to manage your AWS resources.

Remember to use aws-nuke carefully, and always review your resources before hitting that nuke button! 💥

For more details, check out the official documentation, and happy cleaning! 🧹

Don’t worry, though; there’s a way to clean up this cloud mess. Say hello to AWS Nuke! 🧹

In this article, we'll break down what AWS Nuke is, why you might need it, and when to use it in a simplified approach.

What is AWS Nuke? 🤔

Imagine you could snap your fingers and instantly clear out everything you don’t need in your cloud — AWS Nuke is pretty much that magic trick. ✨ It's a tool that lets you delete a bunch of resources in your AWS account, like virtual machines, storage buckets, databases, and more.

The best part? AWS Nuke gives you control. You can create a "keep" list to make sure it doesn’t delete anything important. It’s like having a supercharged vacuum cleaner for your cloud. 🧼🗑️ Just be careful — with great power comes great responsibility!

Why Would You Use AWS Nuke? 🤷‍♀️

We’ve all been there: you start using a new tool, trying things out, and before you know it, you’ve got a bunch of stuff cluttering up your account. Here are some real-life reasons you might want to use AWS Nuke:

1. Clean Up Non-Production Environments 🧽

If you’re working on projects, testing new apps, or learning new things, your AWS account can turn into a digital jungle. 🌱 It's easy to forget about old test servers, databases, or random files you created along the way. AWS Nuke helps you clear all that out so you can start fresh next time, like wiping your desk clean before starting a new project.

2. Better Security 🛡️

Did you know that those forgotten cloud resources can be a security risk? 😱 Imagine a dusty old database hanging out in your account, holding sensitive information that could potentially be exposed. AWS Nuke can make sure there’s no forgotten treasure chest of data lying around, helping you keep things safe and secure.

3. Save Some Money 💸

Cloud services charge you for what you use, and sometimes what you forget to clean up. 🕰️💰 It’s like leaving the lights on in rooms you’re not using — those costs add up! AWS Nuke helps you quickly get rid of resources you don’t need, so you’re only paying for what you actually use.

4. Starting Fresh for Testing 🔄

If you’re testing out new software or automation scripts, you know the importance of starting with a clean slate. AWS Nuke lets you do that with a snap of your fingers. 🫰 It’s like wiping the whiteboard clean before starting a new brainstorming session.

5. Closing or Handover an Account 📦➡️

Maybe you’re shutting down an AWS account or handing it over to someone else. You definitely don’t want to leave any loose ends. AWS Nuke makes sure you can pack up everything neatly and leave the account spotless for the next person. 🚪✨

When Should You Use AWS Nuke? 🕰️

This tool is powerful, so it’s important to know when to use it. Here are the situations where it makes sense to call in AWS Nuke:

1. For Non-Production Environments 🌱

AWS Nuke is not for your live, running applications — it’s best for development, testing, or sandbox accounts. You know, the playgrounds where you try things out and break things on purpose. 😅 Using it in production could cause chaos, so stick to the non-critical areas.

2. After Testing or Experimenting for POCs 🧪

Did you try out some cool new service for a POC, but now your AWS account looks like a science lab? 🧬 AWS Nuke can help you clean it all up, so you don’t accidentally leave anything behind.

3. Closing an Account 🚪

If you’re done with an AWS account and want to close it out, AWS Nuke ensures there’s no leftover data or forgotten resources hanging around. It’s like the final sweep before moving out of a house.

4. Routine Maintenance 🗓️

Some teams schedule regular clean-ups to keep their cloud environments neat and cost-effective. 🧹 If that’s your style, AWS Nuke can be your trusted cleanup partner.

Important Tips Before Using AWS Nuke 📝

• Handle with Care: This tool can delete a lot quickly, so always double-check the list of resources it's about to remove. 🧐

• Back Up Critical Data: Make sure you’ve backed up anything important before using AWS Nuke.

• Get the Right Permissions: You’ll need proper permissions to delete things in AWS, so make sure you have the right access. 🔑

• Test First: Try it out in a small, safe environment before using it on bigger accounts. Better safe than sorry! 😉

Wrapping Up 🎁

AWS Nuke is like a superhero janitor for your AWS cloud. 🦸‍♂️🧹 It's perfect for keeping things neat and under control in development and testing environments. By using it, you can avoid clutter, save money, and keep your cloud safe.

Just remember — use it wisely! Always review the list before hitting that final "confirm" button. 👍

Think of AWS Nuke as your cloud’s cleaning service. It’s there to help you start fresh, stay organised, and make sure nothing gets lost in the shuffle. Now, with this tool in your back pocket, you’re ready to tackle the cloud chaos like a pro! 🌥️💪

Stay tuned for the next one, 📝 where we will install and use the AWS Nuke utility.