Warning
Currently, nukeme doesn't support custom aws-nuke configuration. So please run it only for "Sandbox Cleaning" purposes.
A single CloudFormation file that deletes all resources in the running AWS account.
It uses the aws-nuke binary by rebuy-de to nuke your account.
Important
DO NOT delete the CloudFormation stack manually. It will automatically destroy itself when finished.
Just click here to deploy the CloudFormation stack, or create the stack manually with the following S3 URL:
https://nukeme.s3.amazonaws.com/run
Then just drink your coffee! ☕ Or monitor it.
This stack contains the following steps:
- Create an IAM role that has AdministratorAccess
- Create VPC & network components
- Create a single worker instance for aws-nuke
- Configure the CloudWatch agent for logging
- Download and run the aws-nuke binary
- Delete the CloudFormation stack itself
This stack automatically creates an aws-nuke log for monitoring/debugging.
- Log group name: nukeme-log
- Log stream name: nukeme-worker-log
- Try the Live Tail service
This stack generates the following aws-nuke configuration:

    regions:
      - global
      - ${AWS::Region}
    account-blocklist:
      - "999999999999"
    accounts:
      "${AWS::AccountId}":
        filters:
          CloudFormationStack:
            - "${AWS::StackName}"
          EC2VPC:
            - property: tag:Name
              value: nukeme-vpc
          EC2InternetGateway:
            - property: tag:Name
              value: nukeme-igw
          EC2InternetGatewayAttachment:
            - property: tag:igw:Name
              value: nukeme-igw
          EC2RouteTable:
            - property: tag:Name
              value: nukeme-rtb-public
          EC2Subnet:
            - property: tag:Name
              value: nukeme-subnet-public-a
          EC2SecurityGroup:
            - property: tag:Name
              value: nukeme-sg-worker
          IAMRole:
            - "nukeme-role-worker"
          IAMRolePolicy:
            - "nukeme-role-worker -> nukeme-policy-admin"
          IAMInstanceProfile:
            - "nukeme-role-worker"
          IAMInstanceProfileRole:
            - "nukeme-role-worker -> nukeme-role-worker"
          CloudWatchLogsLogGroup:
            - "nukeme-log"
          EC2Instance:
            - property: tag:Name
              value: nukeme-worker
          EC2Volume:
            - property: tag:Name
              value: "nukeme-worker"
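
The filters above are exemptions: aws-nuke skips a resource when any filter listed for its type matches, and removes everything else. The following added example (not part of nukeme or aws-nuke) models only the two exact-match forms used here, a bare string compared with the resource's identifier and a property/value pair, over a constructed inventory. The account ID 111111111111, the stack name nukeme and every resource ID are assumed values.

```python
# Models only aws-nuke's exact-match filters (bare string, or property/value);
# no other filter types and no AWS calls. All IDs below are constructed.
CONFIG = {  # subset of the generated config, after CloudFormation substitution
    "account-blocklist": ["999999999999"],
    "accounts": {"111111111111": {"filters": {
        "CloudFormationStack": ["nukeme"],  # assumed stack name
        "EC2VPC": [{"property": "tag:Name", "value": "nukeme-vpc"}],
        "IAMRole": ["nukeme-role-worker"],
        "EC2Instance": [{"property": "tag:Name", "value": "nukeme-worker"}],
    }}},
}

INVENTORY = [  # (resource type, identifier, properties)
    ("CloudFormationStack", "nukeme", {}),
    ("CloudFormationStack", "demo-app", {}),
    ("EC2VPC", "vpc-0aaa", {"tag:Name": "nukeme-vpc"}),
    ("EC2VPC", "vpc-0bbb", {"tag:Name": "default"}),
    ("IAMRole", "nukeme-role-worker", {}),
    ("IAMRole", "demo-app-role", {}),
    ("EC2Instance", "i-0ccc", {"tag:Name": "nukeme-worker"}),
    ("S3Bucket", "demo-bucket", {}),  # no filter for this type at all
]

def is_filtered(filters, rtype, ident, props):
    """True when any filter for this resource type matches, so it is kept."""
    for f in filters.get(rtype, []):
        if isinstance(f, str):
            if f == ident:
                return True
        elif props.get(f["property"]) == f["value"]:
            return True
    return False

def plan(config, account_id, inventory):
    """Split an inventory into (kept, removed) for one target account."""
    if account_id in config["account-blocklist"]:
        raise ValueError("target account is on the blocklist")
    filters = config["accounts"][account_id]["filters"]
    kept, removed = [], []
    for rtype, ident, props in inventory:
        bucket = kept if is_filtered(filters, rtype, ident, props) else removed
        bucket.append((rtype, ident))
    return kept, removed

if __name__ == "__main__":
    kept, removed = plan(CONFIG, "111111111111", INVENTORY)
    print("kept:", kept)
    print("removed:", removed)
```

Only the nukeme scaffolding lands in the kept list; a resource type with no filter entry, such as the S3 bucket here, is always removed.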