support nuking iam-roles #251

Closed

ekristen
Contributor

@ekristen ekristen commented Nov 17, 2021

This implements the ability to nuke IAM roles, but is hardcoded to ignore any AWS service or AWS reserved role and the OrganizationAccountAccessRole (default role created when using AWS Organizations).

This also adds a new config stanza that allows roles to be excluded/included just like IAM Users.

  • Add Documentation for IAM Roles
  • Add Tests for IAM Roles
  • Add Code for IAM Roles

Since PR #165 is stale and I needed the feature, I implemented it in this PR.

@denis256
Member

denis256 commented Dec 9, 2021

Noticed failing tests

TestCreateIamRole
TestTimeFilterExclusionNewlyCreatedIamRole

failing-test-log.txt

Since the AWS API is "eventually consistent", retries should most probably be added to check that the IAM role got created.

@brikis98
Member

Important note: we run cloud-nuke against several Gruntwork accounts, and those accounts have IAM roles that we use to access them, so we want to be sure we don't accidentally nuke those very IAM roles! Please make sure to double check the config in https://github.com/gruntwork-io/cloud-nuke/blob/master/.circleci/config.yml#L32-L62 won't blow away those IAM roles before merging.
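
An added illustration of the guard discussed in this thread (not code from this PR or from cloud-nuke): a Go role filter that applies a hardcoded protection list before any include/exclude rule, so the roles used to access an account are never selected. The `Role` and `Rules` types, the function names and the sample roles are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Role is a hypothetical stand-in for one entry of an IAM role listing.
type Role struct{ Name, Path string }

// Rules models an include/exclude stanza; the field names are assumptions.
type Rules struct{ Include, Exclude []*regexp.Regexp }

// isProtected is the hardcoded guard, checked before any user-supplied rule:
// the Organizations access role, service-linked roles and AWS reserved roles.
func isProtected(r Role) bool {
	return r.Name == "OrganizationAccountAccessRole" ||
		strings.HasPrefix(r.Path, "/aws-service-role/") ||
		strings.HasPrefix(r.Path, "/aws-reserved/")
}

func matchesAny(name string, res []*regexp.Regexp) bool {
	for _, re := range res {
		if re.MatchString(name) {
			return true
		}
	}
	return false
}

// SelectForDeletion returns the role names that would be deleted.
// An empty Include list means "everything"; Exclude always wins over Include.
func SelectForDeletion(roles []Role, rules Rules) []string {
	var out []string
	for _, r := range roles {
		included := len(rules.Include) == 0 || matchesAny(r.Name, rules.Include)
		if isProtected(r) || !included || matchesAny(r.Name, rules.Exclude) {
			continue
		}
		out = append(out, r.Name)
	}
	return out
}

// Constructed sample data (not taken from any real account).
var sampleRoles = []Role{{"OrganizationAccountAccessRole", "/"},
	{"AWSServiceRoleForSupport", "/aws-service-role/support.amazonaws.com/"},
	{"AWSReservedSSO_Admin_0123456789abcdef", "/aws-reserved/sso.amazonaws.com/"},
	{"ci-access-role", "/"}, {"test-role-a1b2", "/"}}
var sampleRules = Rules{Exclude: []*regexp.Regexp{regexp.MustCompile(`^ci-access-`)}}

func main() { fmt.Println(SelectForDeletion(sampleRoles, sampleRules)) }
```

Running the selection as a dry run against a real role listing before enabling deletion shows whether a custom access role, such as the constructed `ci-access-role` here, still needs an exclude rule.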

@svenfinke

What is the status with this PR? It would be great if roles are included in the nuke!

@ddvdozuki

Yea, this is a huge feature I've been waiting on. Hopefully it gets reviewed and merged soon. Cloud nuke leaves behind many resources that are not yet supported :(

@zackproser
Contributor

@ekristen I adopted your changes into #330 and released it here: https://github.com/gruntwork-io/cloud-nuke/releases/tag/v0.14.0

Thank you for your contribution!

@zackproser zackproser closed this Jul 19, 2022
Successfully merging this pull request may close these issues.

  • exclude a role when nuking
  • New feature: ability to delete IAM roles