Is there a way to nuke all AWS resources in an AWS account?

Phelodas · Mar 30, 2017

I have an AWS account where multiple EC2 instances, load balancers, target groups, security groups, etc. are set up by multiple owners. We use Terraform to set this up, but sometimes, due to corruption, the state becomes inconsistent. The current mechanism to recover is to manually destroy all resources in that account owned by a particular owner. Is there an easy way to nuke all resources in an AWS account belonging to a particular owner?

Answer

Shwetabh Shekhar · Nov 28, 2019

There is no way to delete all resources in an account owned by a particular user, but there is a way to delete all resources in an account.

You can use aws-nuke, which was created somewhat out of the same use case you described.

  1. First, you need to set an account alias for your account.
  2. You must create a config file.
  3. Then you can list all resources that will be deleted using the following command:

    aws-nuke -c config/nuke-config.yml --profile aws-nuke-example

  4. Add the --no-dry-run option to the same command to permanently delete all resources.

  5. There are also multiple filter options available such as target, resource type, exclude, etc. that you can leverage to suit your needs.
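
As an added example (not part of the original answer and not taken from the aws-nuke project), a config file for step 2 that uses the resource-type and filter options from step 5 could look like the sketch below. The account IDs, region and the Owner tag value are constructed placeholders, and it assumes instances carry an Owner tag.

```yaml
# config/nuke-config.yml -- constructed example; every ID and name is a placeholder.
regions:
  - eu-west-1

# aws-nuke refuses to run against any account listed here, and requires
# at least one entry. Older releases name this key account-blacklist.
account-blocklist:
  - "999999999999"      # placeholder: production account ID

# Restrict the run to the resource types mentioned in the question.
# Without this section every supported resource type is in scope.
resource-types:
  targets:
    - EC2Instance
    - ELBv2
    - ELBv2TargetGroup
    - EC2SecurityGroup

accounts:
  "000000000000":       # placeholder: ID of the account to clean up
    filters:
      # Filters list resources to KEEP. A targeted type with no filter
      # here has all of its resources deleted.
      EC2Instance:
        - property: "tag:Owner"
          value: "team-b"   # assumed tag: instances owned by team-b survive
```

Run the command from step 3 against this file first and read the listing: resources matched by a filter are reported as filtered, everything else listed is what --no-dry-run would delete.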