Merge pull request #18 from rebuy-de/cloud-1047-nuke-multiple-regions

Cloud 1047 nuke multiple regions

README.md

@@ -0,0 +1,24 @@
+# aws-nuke
+Nuke a whole AWS account
+
+## Usage
+
+```
+Usage:
+  aws-nuke [flags]
+  aws-nuke [command]
+
+Available Commands:
+  version     shows version of this application
+
+Flags:
+      --access-key-id string       AWS access-key-id
+  -c, --config string              path to config (required)
+      --force                      don't ask for confirmation
+      --no-dry-run                 actualy delete found resources
+      --profile string             profile name to nuke
+      --secret-access-key string   AWS secret-access-key
+  -t, --target stringSlice         limit nuking to certain resource types (eg IamServerCertificate)
+
+Use "aws-nuke [command] --help" for more information about a command.
+```

cmd/config.go

@@ -8,7 +8,7 @@ import (
 
 type NukeConfig struct {
 	AccountBlacklist []string                     `yaml:"account-blacklist"`
-	Region           string                       `yaml:"region"`
+	Regions          []string                     `yaml:"regions"`
 	Accounts         map[string]NukeConfigAccount `yaml:"accounts"`
 }
 

cmd/config_test.go

@@ -56,7 +56,7 @@ func TestLoadExampleConfig(t *testing.T) {
 
 	expect := NukeConfig{
 		AccountBlacklist: []string{"1234567890"},
-		Region:           "eu-west-1",
+		Regions:          []string{"eu-west-1"},
 		Accounts: map[string]NukeConfigAccount{
 			"555133742": NukeConfigAccount{
 				Filters: map[string][]string{

cmd/nuke.go

@@ -20,7 +20,7 @@ type Nuke struct {
 	accountConfig NukeConfigAccount
 	accountID     string
 	accountAlias  string
-	session       *session.Session
+	sessions      map[string]*session.Session
 
 	ForceSleep time.Duration
 
@@ -37,39 +37,41 @@ func NewNuke(params NukeParameters) *Nuke {
 }
 
 func (n *Nuke) StartSession() error {
-	if n.Parameters.hasProfile() {
-		s := session.New(&aws.Config{
-			Region:      &n.Config.Region,
-			Credentials: credentials.NewSharedCredentials("", n.Parameters.Profile),
-		})
-
-		if s == nil {
-			return fmt.Errorf("Unable to create session with profile '%s'.", n.Parameters.Profile)
+	n.sessions = make(map[string]*session.Session)
+	for _, region := range n.Config.Regions {
+		if n.Parameters.hasProfile() {
+			n.sessions[region] = session.Must(session.NewSessionWithOptions(session.Options{
+				Config:  aws.Config{Region: aws.String(region)},
+				Profile: n.Parameters.Profile,
+			}))
+
+			if n.sessions[region] == nil {
+				return fmt.Errorf("Unable to create session with profile '%s'.", n.Parameters.Profile)
+			}
 		}
 
-		n.session = s
-		return nil
-	}
+		if n.Parameters.hasKeys() {
+			n.sessions[region] = session.Must(session.NewSessionWithOptions(session.Options{
+				Config: aws.Config{
+					Region: aws.String(region),
+					Credentials: credentials.NewStaticCredentials(
+						n.Parameters.AccessKeyID,
+						n.Parameters.SecretAccessKey,
+						"",
+					)}}))
+
+			if n.sessions[region] == nil {
+				return fmt.Errorf("Unable to create session with key ID '%s'.", n.Parameters.AccessKeyID)
+			}
 
-	if n.Parameters.hasKeys() {
-		s := session.New(&aws.Config{
-			Region: &n.Config.Region,
-			Credentials: credentials.NewStaticCredentials(
-				n.Parameters.AccessKeyID,
-				n.Parameters.SecretAccessKey,
-				"",
-			),
-		})
-
-		if s == nil {
-			return fmt.Errorf("Unable to create session with key ID '%s'.", n.Parameters.AccessKeyID)
 		}
 
-		n.session = s
-		return nil
 	}
 
-	return fmt.Errorf("You have to specify a profile or credentials.")
+	if len(n.sessions) < 1 {
+		return fmt.Errorf("You have to specify a profile or credentials for at least one region.")
+	}
+	return nil
 }
 
 func (n *Nuke) Run() error {
@@ -136,7 +138,6 @@ func (n *Nuke) Run() error {
 		} else {
 			failCount = 0
 		}
-
 		if n.items.Count(ItemStateNew, ItemStatePending, ItemStateFailed, ItemStateWaiting) == 0 {
 			break
 		}
@@ -151,12 +152,13 @@ func (n *Nuke) Run() error {
 }
 
 func (n *Nuke) ValidateAccount() error {
-	identOutput, err := sts.New(n.session).GetCallerIdentity(nil)
+	sess := n.sessions[n.Config.Regions[0]]
+	identOutput, err := sts.New(sess).GetCallerIdentity(nil)
 	if err != nil {
 		return err
 	}
 
-	aliasesOutput, err := iam.New(n.session).ListAccountAliases(nil)
+	aliasesOutput, err := iam.New(sess).ListAccountAliases(nil)
 	if err != nil {
 		return err
 	}
@@ -201,23 +203,26 @@ func (n *Nuke) ValidateAccount() error {
 }
 
 func (n *Nuke) Scan() error {
-	scanner := Scan(n.session)
 	queue := make(Queue, 0)
 
-	for item := range scanner.Items {
-		if !n.Parameters.WantsTarget(item.Service) {
-			continue
-		}
+	for _, region := range n.Config.Regions {
+		sess := n.sessions[region]
+		scanner := Scan(sess)
+		for item := range scanner.Items {
+			if !n.Parameters.WantsTarget(item.Service) {
+				continue
+			}
 
-		queue = append(queue, item)
-		n.Filter(item)
-		item.Print()
-	}
+			queue = append(queue, item)
+			n.Filter(item)
+			item.Print()
+		}
+		if scanner.Error != nil {
+			fmt.Printf("Scaner found an error %s \n", scanner.Error)
+			return scanner.Error
+		}
 
-	if scanner.Error != nil {
-		return scanner.Error
 	}
-
 	fmt.Printf("Scan complete: %d total, %d nukeable, %d filtered.\n\n",
 		queue.CountTotal(), queue.Count(ItemStateNew), queue.Count(ItemStateFiltered))
 
@@ -243,7 +248,7 @@ func (n *Nuke) Filter(item *Item) {
 	}
 
 	for _, filter := range filters {
-		if filter == item.Resource.String() {
+		if strings.HasPrefix(item.Resource.String(), filter) {
 			item.State = ItemStateFiltered
 			item.Reason = "filtered by config"
 			return

config/example.yaml

@@ -1,5 +1,6 @@
 ---
-region: eu-west-1
+regions:
+  - "eu-west-1"
 account-blacklist:
 - 1234567890
 

resources/autoscaling-groups.go

@@ -1,6 +1,8 @@
 package resources
 
 import (
+	"fmt"
+
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/autoscaling"
 )
@@ -15,16 +17,18 @@ func (n *AutoScalingNuke) ListGroups() ([]Resource, error) {
 	resources := make([]Resource, 0)
 	for _, asg := range resp.AutoScalingGroups {
 		resources = append(resources, &AutoScalingGroup{
-			svc:  n.Service,
-			name: asg.AutoScalingGroupName,
+			svc:    n.Service,
+			name:   asg.AutoScalingGroupName,
+			region: n.Service.Config.Region,
 		})
 	}
 	return resources, nil
 }
 
 type AutoScalingGroup struct {
-	svc  *autoscaling.AutoScaling
-	name *string
+	svc    *autoscaling.AutoScaling
+	name   *string
+	region *string
 }
 
 func (asg *AutoScalingGroup) Remove() error {
@@ -42,5 +46,5 @@ func (asg *AutoScalingGroup) Remove() error {
 }
 
 func (asg *AutoScalingGroup) String() string {
-	return *asg.name
+	return fmt.Sprintf("%s in %s ", *asg.name, *asg.region)
 }

resources/cloudformation-stack.go

@@ -1,6 +1,10 @@
 package resources
 
-import "github.com/aws/aws-sdk-go/service/cloudformation"
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/service/cloudformation"
+)
 
 func (n *CloudFormationNuke) ListStacks() ([]Resource, error) {
 	resp, err := n.Service.DescribeStacks(nil)
@@ -11,16 +15,18 @@ func (n *CloudFormationNuke) ListStacks() ([]Resource, error) {
 	resources := make([]Resource, 0)
 	for _, stack := range resp.Stacks {
 		resources = append(resources, &CloudFormationStack{
-			svc:  n.Service,
-			name: stack.StackName,
+			svc:    n.Service,
+			name:   stack.StackName,
+			region: n.Service.Config.Region,
 		})
 	}
 	return resources, nil
 }
 
 type CloudFormationStack struct {
-	svc  *cloudformation.CloudFormation
-	name *string
+	svc    *cloudformation.CloudFormation
+	name   *string
+	region *string
 }
 
 func (cfs *CloudFormationStack) Remove() error {
@@ -31,5 +37,5 @@ func (cfs *CloudFormationStack) Remove() error {
 }
 
 func (csf *CloudFormationStack) String() string {
-	return *csf.name
+	return fmt.Sprintf("%s in %s", *csf.name, *csf.region)
 }