aws-nuke: Add separate config for legacy + fixes

rhpds · Oct 2, 2024 · a69af6c · a69af6c
1 parent 5c06812
commit a69af6c
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 7 deletions.
diff --git a/playbooks/roles/infra-aws-sandbox/tasks/reset.yml b/playbooks/roles/infra-aws-sandbox/tasks/reset.yml
@@ -65,6 +65,11 @@
         src: "{{ role_path }}/templates/nuke-config.yml.j2"
         dest: "{{ output_dir }}/{{ account_name }}_nuke-config.yml"
 
+    - name: Generate config file for aws-nuke-legacy
+      template:
+        src: "{{ role_path }}/templates/nuke-config-legacy.yml.j2"
+        dest: "{{ output_dir }}/{{ account_name }}_nuke-config-legacy.yml"
+
     - name: Run aws-nuke on sandbox account
       command: >-
         {{ aws_nuke_binary_path }} nuke --profile {{ account_name }}
@@ -122,7 +127,7 @@
       # be on the safe side, run the official (unmaintained) binary
       command: >-
         {{ aws_nuke_lecacy_binary_path }} --profile {{ account_name }}
-        -c "{{ output_dir }}/{{ account_name }}_nuke-config.yml"
+        -c "{{ output_dir }}/{{ account_name }}_nuke-config-legacy.yml"
         --no-dry-run
         --force
       args:

diff --git a/playbooks/roles/infra-aws-sandbox/templates/nuke-config-legacy.yml.j2 b/playbooks/roles/infra-aws-sandbox/templates/nuke-config-legacy.yml.j2
@@ -0,0 +1,21 @@
+---
+regions: {{ ( all_regions + ['global'] ) | to_json }}
+
+account-blocklist: {{ aws_nuke_account_blacklist | to_json }}
+
+feature-flags:
+  disable-deletion-protection:
+    RDSInstance: true
+    EC2Instance: true
+    CloudformationStack: true
+    ELBv2: true
+    QLDBLedger: true
+
+accounts:
+  "{{ account_id }}":
+    filters: {{ aws_nuke_filters_default | combine(aws_nuke_filters) | to_json }}
+
+resource-types:
+  excludes:
+    # don't nuke OpenSearch Packages, see https://github.com/rebuy-de/aws-nuke/issues/1123
+    - OSPackage
diff --git a/playbooks/roles/infra-aws-sandbox/templates/nuke-config.yml.j2 b/playbooks/roles/infra-aws-sandbox/templates/nuke-config.yml.j2
@@ -4,12 +4,16 @@ regions: {{ ( all_regions + ['global'] ) | to_json }}
 blocklist: {{ aws_nuke_account_blacklist | to_json }}
 
 settings:
-  disable-deletion-protection:
-    RDSInstance: true
-    EC2Instance: true
-    CloudformationStack: true
-    ELBv2: true
-    QLDBLedger: true
+  EC2Instance:
+    DisableDeletionProtection: true
+  RDSInstance:
+    DisableDeletionProtection: true
+  CloudformationStack:
+    DisableDeletionProtection: true
+  ELBv2:
+    DisableDeletionProtection: true
+  QLDBLedger:
+    DisableDeletionProtection: true
 
 accounts:
   "{{ account_id }}":
@@ -18,4 +22,24 @@ accounts:
 resource-types:
   excludes:
     # don't nuke OpenSearch Packages, see https://github.com/rebuy-de/aws-nuke/issues/1123
+    - AmazonML
+    - Cloud9Environment
+    - CloudSearchDomain
+    - CodeStarProject
+    - FMSNotificationChannel
+    - FMSPolicy
+    - MachineLearningBranchPrediction
+    - MachineLearningDataSource
+    - MachineLearningEvaluation
+    - MachineLearningMLModel
     - OSPackage
+    - OpsWorksApp
+    - OpsWorksCMBackup
+    - OpsWorksCMServer
+    - OpsWorksCMServerState
+    - OpsWorksInstance
+    - OpsWorksLayer
+    - OpsWorksUserProfile
+    - RoboMakerRobotApplication
+    - RoboMakerSimulationApplication
+    - RoboMakerSimulationJob