Tune aws-nuke: skip S3Objects, include RedShift #117

Merged (6 commits), Jun 26, 2021
28 changes: 24 additions & 4 deletions .github/aws-nuke.yaml
Expand Up @@ -5,7 +5,7 @@ regions:
#- us-west-1
#- us-west-2

account-blacklist:
account-blocklist:
- "999999999999" # production

resource-types:
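Review bot: the `account-blacklist` → `account-blocklist` rename only works if the aws-nuke image the workflow pins understands the new key; this list is the safety net that keeps the production account out of the run, so a key the binary silently ignores would be worse than leaving the old one. Confirm the key against the config format of the version the workflow now pins (v2.15.0 in this PR), and use the dry-run job to check that the `"999999999999" # production` entry is still reported as blocked before the `--no-dry-run` job runs.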
Expand All @@ -17,7 +17,9 @@ resource-types:
- IAMPolicy
- IAMGroup
- IAMGroupPolicyAttachment
- S3Object
# Deleting S3 Objects individually takes too long. We are either going to
# delete the entire S3 bucket or nothing in it, so we skip S3Object
# - S3Object
- S3Bucket
- AutoScalingGroup
- EC2Address
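Review bot: dropping `S3Object` while keeping `S3Bucket` changes the behaviour for buckets a preset keeps: before, objects inside an excluded bucket could still be deleted one by one; now a bucket is all-or-nothing, which is what the comment intends. Two things are worth stating next to that comment: it relies on the `S3Bucket` remover emptying the bucket (object versions included) before deleting it, and buckets that cannot be emptied (Object Lock, MFA delete) will keep failing on every run. The `S3Bucket` filters in `presets` are now the only thing protecting object data, so they deserve a look in the same PR.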
Expand All @@ -38,8 +40,9 @@ resource-types:
- EC2KeyPair
- ECSService
- ECSCluster
- ECSTaskDefinition
- EKSCluster
- EKSFargateProfile
- EKSFargateProfiles
- EKSNodegroups
- ELBLoadBalancer
- ELBv2
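Review bot: the names in this list have to match what the pinned aws-nuke binary registers exactly, and this hunk mixes plural and singular by hand: `EKSFargateProfile` becomes `EKSFargateProfiles` and the new entry is `EKSNodegroups`, while `EKSCluster`, `ECSCluster` and the new `ECSTaskDefinition` stay singular. Rather than guessing, generate the list with `aws-nuke resource-types` from the v2.15.0 image and paste from that, and run the dry-run job before merge, because a misspelled type is either rejected at startup or quietly matches nothing.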
Expand All @@ -53,7 +56,16 @@ resource-types:
- Route53ResourceRecordSet
- Route53HostedZone
- ESDomain

- RedshiftCluster
- RedshiftParameterGroup
# You cannot delete automated Redshift Snapshots, and trying to delete
# them causes aws-nuke to exit with failure. Since we are not taking
# manual snapshots, we do not need to worry about them, but if we did,
# we should create a filter that leaves the automated snapshots alone.
# - RedshiftSnapshot
- RedshiftSubnetGroup
- IAMOpenIDConnectProvider

# don't nuke IAM users
excludes:
- IAMUser
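Review bot: the `RedshiftSnapshot` comment describes the failure mode but leaves the fix as a to-do; if manual snapshots are ever taken, the filter belongs in `presets` alongside the other types, keyed on whatever property the snapshot resource exposes for its type, and the dry run will show whether automated snapshots are still being listed. Separately, `IAMOpenIDConnectProvider` is appended after the Redshift block rather than with the other `IAM*` types near the top of the list; grouping it with them keeps the IAM section and the `# don't nuke IAM users` exclusion readable together.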
Expand Down Expand Up @@ -203,6 +215,10 @@ presets:
- property: "tag:Name"
type: "regex"
value: "^cpco-.*"
ECSTaskDefinition:
- property: "tag:Name"
type: "regex"
value: "^cpco-.*"
EKSCluster:
- type: "regex"
value: "^cpco-.*"
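Review bot: the new `ECSTaskDefinition` preset filters on `tag:Name`, but a filter only matches if that resource type, in the pinned aws-nuke version, actually reports a `tag:Name` property; if it does not, the regex never matches and every task definition in the account is removed, including the `cpco-` ones this preset is meant to keep. Check the dry-run output for the task definitions that should be excluded, and if the resource only exposes an identifier such as its ARN, filter on that instead (for example `type: "contains"` with `value: "cpco-"`, values here are illustrative).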
Expand Down Expand Up @@ -270,6 +286,10 @@ presets:
IAMGroupPolicyAttachment:
- type: "regex"
value: "^cpco-.*"
IAMOpenIDConnectProvider:
- property: "tag:Name"
type: "regex"
value: "^cpco-.*"
Route53ResourceRecordSet:
- property: "Name"
type: "exact"
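Review bot: same check for `IAMOpenIDConnectProvider`: the `tag:Name` property has to be exposed by that resource in v2.15.0 for this preset to keep the `cpco-` providers, and an OIDC provider is a federation trust anchor, so a filter that silently misses deletes whatever role assumptions depend on it. Style point across these presets: with `type: "regex"` the trailing `.*` in `^cpco-.*` is redundant; `^cpco-` says the same thing.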
4 changes: 2 additions & 2 deletions .github/workflows/aws-nuke.yml
Expand Up @@ -18,7 +18,7 @@ jobs:
- name: checkout
uses: actions/checkout@v1
- name: aws-nuke
uses: "docker://quay.io/rebuy/aws-nuke:v2.14.0"
uses: "docker://quay.io/rebuy/aws-nuke:v2.15.0"
with:
args: "--config .github/aws-nuke.yaml --force"
env:
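Review bot: the image is pinned by tag (`docker://quay.io/rebuy/aws-nuke:v2.15.0`), and registry tags are mutable; this job runs with credentials that can delete everything in the account that is not blocklisted, so pin by digest (`quay.io/rebuy/aws-nuke@sha256:...`, digest to be filled in from the registry) and bump the digest together with the tag. The same applies to `actions/checkout@v1`, which is a moving major-version tag.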
Expand All @@ -34,7 +34,7 @@ jobs:
- name: checkout
uses: actions/checkout@v1
- name: aws-nuke
uses: "docker://quay.io/rebuy/aws-nuke:v2.14.0"
uses: "docker://quay.io/rebuy/aws-nuke:v2.15.0"
with:
args: "--config .github/aws-nuke.yaml --force --no-dry-run"
env:
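Review bot: the dry-run job and this `--no-dry-run` job now carry the same image reference in two places; since the only intended difference between them is the flag, hoist the image string into a workflow-level `env` value so the two cannot drift on the next bump, otherwise a future edit that updates one job runs the destructive pass on a different aws-nuke than the one that was dry-run.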
4 changes: 2 additions & 2 deletions .github/workflows/docker.yml
Expand Up @@ -5,8 +5,8 @@ on:
release:
types:
- created
schedule:
- cron: '0 0 * * *'
# schedule:
Member: Why disable?

Contributor Author: I don't know why we want to build this nightly. It is pinned to a Geodesic version, and we do not update Geodesic that often. It just seems a waste of resources to build it nightly.

# - cron: '0 0 * * *'
jobs:
build-and-push:
runs-on: ubuntu-latest
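Review bot: disabling the nightly `cron` changes more than build cost. The Dockerfile in this same PR installs with `apk add -uU` and uses `go get` without a version, so every build picks up whatever terraform, aws-vault, go and terraform-config-inspect upstream currently serves; the nightly was the only thing refreshing those between releases. If it stays off, add a `workflow_dispatch` trigger so a rebuild can be requested on demand, or note in the file that tooling updates now land only on `release: created`.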
20 changes: 11 additions & 9 deletions Dockerfile
@@ -1,4 +1,4 @@
ARG VERSION=0.141.1
ARG VERSION=0.146.4
ARG OS=alpine
FROM cloudposse/geodesic:$VERSION-$OS

Expand Down Expand Up @@ -37,19 +37,21 @@ ENV AWS_DEFAULT_PROFILE="${NAMESPACE}-${STAGE}-admin"
ENV AWS_MFA_PROFILE="${NAMESPACE}-root-admin"

# Install go for running terratest
RUN apk add go
RUN apk add -uU go

## Install terraform-config-inspect (required for bats tests)
ENV GO111MODULE="on"
RUN go get github.com/hashicorp/terraform-config-inspect && \
mv $(go env GOPATH)/bin/terraform-config-inspect /usr/local/bin/

# Install terraform 0.11 for backwards compatibility
RUN apk add terraform@cloudposse \
terraform-0.11@cloudposse \
terraform-0.12@cloudposse \
terraform-0.13@cloudposse \
terraform-0.14@cloudposse
# Install every "major" version of Terraform so we can use whichever one we want
RUN apk add -uU terraform@cloudposse \
terraform-0.11@cloudposse \
terraform-0.12@cloudposse \
terraform-0.13@cloudposse \
terraform-0.14@cloudposse \
terraform-0.15@cloudposse \
terraform-1@cloudposse

# Use aws-vault for credentials
ENV AWS_VAULT_ENABLED=true
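Review bot: two reproducibility points in this hunk. `terraform@cloudposse` and `terraform-1@cloudposse` float to whatever the package repo serves at build time, and `go get github.com/hashicorp/terraform-config-inspect` with `GO111MODULE=on` and no `@version` resolves to the latest tag at build time; with the nightly build now disabled, two images built from the same commit can still differ. Pin the Go module with a version suffix (`go get github.com/hashicorp/terraform-config-inspect@<tag>`, tag to be chosen) and either pin the terraform package versions or say in the comment that the float is deliberate; `-uU` on the `apk add` lines is consistent with the other RUN steps, so no objection there.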
Expand All @@ -61,7 +63,7 @@ ENV AWS_VAULT_ENABLED=true
# https://github.com/99designs/aws-vault/issues/689
# and until IMDSv2 is supported, aws-vault server does not work with kops 1.18
# https://github.com/99designs/aws-vault/issues/690
RUN apk add -u aws-vault@cloudposse~=4
RUN apk add -uU aws-vault@cloudposse~=4

# Filesystem entry for tfstate
RUN s3 fstab '${TF_BUCKET}' '/' '/secrets/tf'
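Review bot: `-uU` with `aws-vault@cloudposse~=4` keeps the major-version hold the comment above justifies, but that comment ties the hold to IMDSv2 support and kops 1.18 via the two linked issues; since the base image is moving in this PR, re-check whether the hold still applies, and if it does not, drop `~=4` so later `-u` builds are not stuck on a version the comment no longer explains.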