diff --git a/Containerfile.conan b/Containerfile.conan
index a2e6429..f635809 100644
--- a/Containerfile.conan
+++ b/Containerfile.conan
@@ -9,7 +9,7 @@ RUN make sandbox-list
 FROM registry.access.redhat.com/ubi8/ubi:latest
     MAINTAINER Guillaume Coré <gucore@redhat.com>
 
-ARG AWSNUKE_VERSION=v3.26.0
+ARG AWSNUKE_VERSION=v3.35.2
 ARG AWSNUKE_LEGACY_VERSION=v2.25.0
 ARG RUSH_VERSION=v0.5.4
 
@@ -18,6 +18,7 @@ USER root
 COPY --from=builder /sandbox/build/sandbox-list /usr/local/bin/sandbox-list
 COPY conan/requirements.txt /tmp/requirements.txt
 COPY conan/requirements.yml /tmp/requirements.yml
+COPY conan/ansible.cfg /etc/ansible/ansible.cfg
 
 RUN mkdir -p -m 770  /home/opentlc-mgr/pool_management/output_dir_sandbox \
     && chmod -R 770 /home/opentlc-mgr \
diff --git a/conan/ansible.cfg b/conan/ansible.cfg
new file mode 100644
index 0000000..1eab73d
--- /dev/null
+++ b/conan/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+callbacks_enabled=ansible.posix.profile_tasks
diff --git a/conan/requirements.yml b/conan/requirements.yml
index 1e05097..9e00720 100644
--- a/conan/requirements.yml
+++ b/conan/requirements.yml
@@ -1,6 +1,7 @@
 ---
 collections:
 - name: amazon.aws
+- name: ansible.posix
 - name: community.aws
 - name: community.crypto
 - name: community.general
diff --git a/conan/wipe_sandbox.sh b/conan/wipe_sandbox.sh
index d278501..9b7691c 100755
--- a/conan/wipe_sandbox.sh
+++ b/conan/wipe_sandbox.sh
@@ -252,9 +252,9 @@ sandbox_reset() {
         echo "$(date -uIs) ${sandbox} $(grep -Eo 'Nuke complete: [^"]+' "${logfile}")"
 
         if [ "${debug}" = "true" ]; then
-            echo "$(date -uIs) =========BEGIN========== ${logfile}"
+            echo "$(date -uIs) =========BEGIN========== ${HOSTNAME} ${logfile}"
             cat "${logfile}"
-            echo "$(date -uIs) =========END============ ${logfile}"
+            echo "$(date -uIs) =========END============ ${HOSTNAME} ${logfile}"
         fi
 
         rm "${eventlog}"
@@ -265,9 +265,9 @@ sandbox_reset() {
         echo "$(date -uIs) ${sandbox} reset took $((duration / 60))m$((duration % 60))s"
 
         echo "$(date -uIs) ${sandbox} reset FAILED." >&2
-        echo "$(date -uIs) =========BEGIN========== ${logfile}" >&2
+        echo "$(date -uIs) =========BEGIN========== ${HOSTNAME} ${logfile}" >&2
         cat "${logfile}" >&2
-        echo "$(date -uIs) =========END============ ${logfile}" >&2
+        echo "$(date -uIs) =========END============ ${HOSTNAME} ${logfile}" >&2
         sandbox_increase_conan_cleanup_count "${sandbox}"
         echo "$(date -uIs) ${sandbox} cleanup count: $(get_conan_cleanup_count "${sandbox}")"
         sync
diff --git a/playbooks/roles/infra-aws-sandbox/files/manual_cleanup.py b/playbooks/roles/infra-aws-sandbox/files/manual_cleanup.py
index 83c5ed3..4f68e82 100644
--- a/playbooks/roles/infra-aws-sandbox/files/manual_cleanup.py
+++ b/playbooks/roles/infra-aws-sandbox/files/manual_cleanup.py
@@ -21,6 +21,24 @@
 
 client = boto3.client('ec2')
 
+# Stop all instances to save costs
+
+try:
+    response = client.describe_instances()
+
+    for reservation in response['Reservations']:
+        for instance in reservation['Instances']:
+            if instance['State']['Name'] == 'running':
+                client.stop_instances(
+                    InstanceIds=[
+                        instance['InstanceId']
+                    ]
+                )
+                print("Stopping instance: " + instance['InstanceId'])
+                changed = True
+except botocore.exceptions.ClientError as e:
+    print(e)
+
 try:
     response = client.describe_vpcs()
 
diff --git a/playbooks/roles/infra-aws-sandbox/tasks/reset.yml b/playbooks/roles/infra-aws-sandbox/tasks/reset.yml
index 416a12a..10ecab2 100644
--- a/playbooks/roles/infra-aws-sandbox/tasks/reset.yml
+++ b/playbooks/roles/infra-aws-sandbox/tasks/reset.yml
@@ -45,6 +45,7 @@
         dest: "{{ output_dir }}/{{ account_name }}_nuke-config.yml"
 
     - name: Generate config file for aws-nuke-legacy
+      when: run_aws_nuke_legacy | default(false) | bool
       template:
         src: "{{ role_path }}/templates/nuke-config-legacy.yml.j2"
         dest: "{{ output_dir }}/{{ account_name }}_nuke-config-legacy.yml"
diff --git a/playbooks/roles/infra-aws-sandbox/templates/nuke-config.yml.j2 b/playbooks/roles/infra-aws-sandbox/templates/nuke-config.yml.j2
index 1f8f8f9..d42c131 100644
--- a/playbooks/roles/infra-aws-sandbox/templates/nuke-config.yml.j2
+++ b/playbooks/roles/infra-aws-sandbox/templates/nuke-config.yml.j2
@@ -28,23 +28,34 @@ resource-types:
   excludes:
     # don't nuke OpenSearch Packages, see https://github.com/rebuy-de/aws-nuke/issues/1123
     - AmazonML
-    - Cloud9Environment
-    - CloudSearchDomain
-    - CodeStarProject
-    - FMSNotificationChannel
-    - FMSPolicy
-    - MachineLearningBranchPrediction
-    - MachineLearningDataSource
-    - MachineLearningEvaluation
-    - MachineLearningMLModel
-    - OSPackage
+    - Cloud9Environment # Deprecated service
+    - CloudSearchDomain # Deprecated service
+    - CodeStarConnection # Deprecated service
+    - CodeStarNotification # Deprecated service
+    - CodeStarProject # Deprecated service
+    - FMSNotificationChannel # Excluded because it's not available
+    - FMSPolicy # Excluded because it's not available
+    - MachineLearningBranchPrediction # Excluded due to ML being unavailable
+    - MachineLearningDataSource # Excluded due to ML being unavailable
+    - MachineLearningEvaluation # Excluded due to ML being unavailable
+    - MachineLearningMLModel # Excluded due to ML being unavailable
     - OpsWorksApp
-    - OpsWorksCMBackup
-    - OpsWorksCMServer
-    - OpsWorksCMServerState
-    - OpsWorksInstance
-    - OpsWorksLayer
-    - OpsWorksUserProfile
+    - OpsWorksApp # Deprecated service
+    - OpsWorksCMBackup # Deprecated service
+    - OpsWorksCMServer # Deprecated service
+    - OpsWorksCMServerState # Deprecated service
+    - OpsWorksInstance # Deprecated service
+    - OpsWorksLayer # Deprecated service
+    - OpsWorksUserProfile # Deprecated service
+    - RedshiftServerlessNamespace # Deprecated service
+    - RedshiftServerlessSnapshot # Deprecated service
+    - RedshiftServerlessWorkgroup # Deprecated service
+    - RoboMakerDeploymentJob # Deprecated Service
+    - RoboMakerFleet # Deprecated Service
+    - RoboMakerRobot # Deprecated Service
     - RoboMakerRobotApplication
     - RoboMakerSimulationApplication
     - RoboMakerSimulationJob
+    - S3Object # Excluded because S3 bucket removal handles removing all S3Objects
+    - ServiceCatalogTagOption # Excluded due to https://github.com/rebuy-de/aws-nuke/issues/515
+    - ServiceCatalogTagOptionPortfolioAttachment # Excluded due to https://github.com/rebuy-de/aws-nuke/issues/515