aws-nuke

Handling of "Explicit Denies"

Open AlexanderMannsfeld0007 opened this issue 2 years ago • 2 comments

Hi, thanks for the great tool. We are running a bigger AWS Organization, protecting resources deployed by us via SCPs, so that teams do not have to keep track of the resources deployed by us when nuking. Unfortunately, the "explicit denies" when nuke is trying to delete protected resources result in a return-code >0. Therefore teams using nuke within their deployment pipelines have a failed step, with the result that they still have to write configs filtering the already protected resources. It would be nice to have a parameter to steer the behaviour of nuke when running into access denies, e.g. like --ignore_explicit_denies. Thanks in advance & cheers.

AlexanderMannsfeld0007 Apr 21 '22 12:04

Hello. The problem here is to detect those "explicit denies". As there is no unified API for this, we would have to implement another function for every resource, like we already do with filters and properties.

svenwltr Apr 21 '22 13:04

I see - is there any chance for a generic parameter to enforce return-code 0?

AlexanderMannsfeld0007 Apr 21 '22 13:04