cloud-nuke icon indicating copy to clipboard operation
cloud-nuke copied to clipboard
verified publisher icon gruntwork-io

Feature Request: protect resources from deletion based on a tag

Open kjhosein opened this issue 7 years ago • 14 comments

Example use case: Let's say you have a sandbox/dev account and want to use cloud-nuke to keep it clean of old artifacts, but on the other hand have resources that you're actively using and that may also be even older than your time threshold.

Solution: Tag those resources with something like 'cloud-nuke'='protect'

kjhosein avatar Nov 14 '18 00:11 kjhosein

Yea, we'd love to support:

  1. A whitelist of tags to destroy (only destroy resources with the specified tags)
  2. A blacklist of tags not to destroy (destroy anything that doesn't have the specified tags)

PRs welcome 😁

FWIW, cloud-nuke does respected the "protected" flag on EC2 Instances already...

brikis98 avatar Nov 14 '18 01:11 brikis98

I envision us allowing the user to specify tags via a CLI flag instead of defaulting to a single one

tonerdo avatar Nov 14 '18 09:11 tonerdo

Yes, exactly; the whitelist and blacklist of tags I mentioned above would be passed in as CLI args.

brikis98 avatar Nov 14 '18 12:11 brikis98

@brikis98,

I'd be happy to work on this, as it's something that would be really useful and I have a bit of spare time.

A couple of questions though: Should we have a separate method to nuke included/excluded tagged resources rather than using the existing one? What sorts of tests would you want for this? I know you are running builds using circle CI so wonder what you do about creating/tearing down resources.

SeanFarrow avatar Mar 11 '19 07:03 SeanFarrow

Should we have a separate method to nuke included/excluded tagged resources rather than using the existing one?

Not sure I follow what you're referring to by "method." Do you mean a separate top-level CLI command? Or separate Go method?

What sorts of tests would you want for this? I know you are running builds using circle CI so wonder what you do about creating/tearing down resources.

Probably a test that launches a few resources, some with tags, some without, and makes sure cloud-nuke with various tag parameters cleans up the right ones.

brikis98 avatar Mar 12 '19 19:03 brikis98

I mean a separate go method for nuking tagged resources.

From: Yevgeniy Brikman [email protected] Sent: 12 March 2019 19:04 To: gruntwork-io/cloud-nuke [email protected] Cc: Sean Farrow [email protected]; Comment [email protected] Subject: Re: [gruntwork-io/cloud-nuke] Feature Request: protect resources from deletion based on a tag (#38)

Should we have a separate method to nuke included/excluded tagged resources rather than using the existing one?

Not sure I follow what you're referring to by "method." Do you mean a separate top-level CLI command? Or separate Go method?

What sorts of tests would you want for this? I know you are running builds using circle CI so wonder what you do about creating/tearing down resources.

Probably a test that launches a few resources, some with tags, some without, and makes sure cloud-nuke with various tag parameters cleans up the right ones.

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/gruntwork-io/cloud-nuke/issues/38#issuecomment-472139277, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ABY1fq_jndF5UMJblw7i7S4HbVJiphmwks5vV_ohgaJpZM4YcwkL.

SeanFarrow avatar Mar 12 '19 19:03 SeanFarrow

I mean a separate go method for nuking tagged resources.

I'd be tempted to say it makes sense to update the existing methods to take tags into account as well, as it should be possible to specify tags and other params (e.g., creation date).

brikis98 avatar Mar 12 '19 19:03 brikis98

I agree, let me get a PR done in the next few days.

From: Yevgeniy Brikman [email protected] Sent: 12 March 2019 19:14 To: gruntwork-io/cloud-nuke [email protected] Cc: Sean Farrow [email protected]; Comment [email protected] Subject: Re: [gruntwork-io/cloud-nuke] Feature Request: protect resources from deletion based on a tag (#38)

I mean a separate go method for nuking tagged resources.

I'd be tempted to say it makes sense to update the existing methods to take tags into account as well, as it should be possible to specify tags and other params (e.g., creation date).

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/gruntwork-io/cloud-nuke/issues/38#issuecomment-472142789, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ABY1fvMdLW0VtGDmwrlaBc5LbCG0kXTwks5vV_yBgaJpZM4YcwkL.

SeanFarrow avatar Mar 12 '19 19:03 SeanFarrow

Thank you!

brikis98 avatar Mar 13 '19 05:03 brikis98

Has there been any progress on this (also in regards to the abovementioned PR)? I'd love to see the tag whitelist.

cloudlena avatar Aug 23 '19 13:08 cloudlena

Nothing has happened currently, I am in the process of a big house move, but will get to this when settled.

From: Tobi Fuhrimann [mailto:[email protected]] Sent: 23 August 2019 14:58 To: gruntwork-io/cloud-nuke [email protected] Cc: Sean Farrow [email protected]; Comment [email protected] Subject: Re: [gruntwork-io/cloud-nuke] Feature Request: protect resources from deletion based on a tag (#38)

Has there been any progress on this? I'd love to see the tag whitelist.

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/gruntwork-io/cloud-nuke/issues/38?email_source=notifications&email_token=AALDK7RXDN3NTJUX3XNZHMLQF7UHPA5CNFSM4GDTBEF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5AJHFA#issuecomment-524325780, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AALDK7UT2L23EMAXIOCIHL3QF7UHPANCNFSM4GDTBEFQ.

SeanFarrow avatar Aug 23 '19 14:08 SeanFarrow

Has there been any update to this enhancement request?

rmarable avatar Dec 15 '19 03:12 rmarable

Not as yet, but there will be after Christmas. I now have some time and need it for a project. Thanks, Sean.

From: Rodney Marable [mailto:[email protected]] Sent: 15 December 2019 03:34 To: gruntwork-io/cloud-nuke [email protected] Cc: Sean Farrow [email protected]; Comment [email protected] Subject: Re: [gruntwork-io/cloud-nuke] Feature Request: protect resources from deletion based on a tag (#38)

Has there been any update to this enhancement request?

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/gruntwork-io/cloud-nuke/issues/38?email_source=notifications&email_token=AALDK7RDYSHLS6VLUF57PBLQYWQTVA5CNFSM4GDTBEF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEG4QPKA#issuecomment-565774248, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AALDK7XGYZCEBVFIH5RZDWLQYWQTVANCNFSM4GDTBEFQ.

SeanFarrow avatar Dec 15 '19 03:12 SeanFarrow

I started a PR which would allow inclusion and exclusion by a tag.

Contributions and feedback welcome: #109

aaronsteers avatar Apr 17 '20 22:04 aaronsteers

Similar issue https://github.com/gruntwork-io/cloud-nuke/issues/166. WIll close this one and continue the conversation in this issue - https://github.com/gruntwork-io/cloud-nuke/issues/166

james00012 avatar Aug 25 '23 22:08 james00012