Onifade Julius

A Beginner’s Guide to Using Cloud-Nuke: Using Cloud-Nuke for Safe and Controlled Cleanup

Working with AWS cloud services is exciting—until your bill starts skyrocketing because you can’t locate all the running services. This was my reality a few days ago. One of the main reasons to use cloud providers is to reduce costs and pay only for the resources you use, but this can be tricky if you’re unable to manage those resources effectively.

In this article, I’ll introduce you to a powerful tool for cleaning up your AWS account quickly and efficiently. If you don’t want to manage your resources manually or run terraform destroy, this tool is a great alternative that can easily be run from your console.

Introducing Cloud-Nuke

Cloud-Nuke is an open-source tool available on GitHub. It’s designed to delete all AWS resources within an account, saving you from manual clean-up tasks.

1. How to Install Gruntwork’s Cloud-Nuke

macOS or Linux

For macOS or Linux users, installation is straightforward. Simply run:

brew install cloud-nuke

Windows

For Windows users, you can install it via Winget with the command:

winget install cloud-nuke

If installing via Winget doesn’t work, you can manually download and install Cloud-Nuke from GitHub:

  1. Visit the Cloud-Nuke GitHub releases page.
  2. Download the latest release for Windows (usually a .zip file).
  3. Extract the .zip file to a directory of your choice.
  4. Add the directory containing cloud-nuke.exe to your PATH:
    • Open the Start Menu, search for "Environment Variables," and select "Edit the system environment variables."
    • In the System Properties window, click on "Environment Variables."
    • In the "System variables" section, find and select the Path variable, then click "Edit."
    • Click "New" and paste the path to the directory where cloud-nuke.exe is located.
    • Click "OK" to close all windows.

To verify the installation, run the command:

cloud-nuke

2. Setting Up AWS Credentials

Before using Cloud-Nuke, you need to export your AWS access key, secret key, and region as environment variables. Use the following commands:

export AWS_ACCESS_KEY="<PLACE_YOUR_AWS_ACCESS_KEY>"
export AWS_SECRET_KEY="<PLACE_YOUR_AWS_SECRET_KEY>"
export AWS_REGION="<PLACE_YOUR_AWS_REGION_NAME>"

You can find these details by navigating to your AWS console:

  • On the top right corner under your username, click on My Security Credentials.
  • Navigate to Access keys (access key ID and secret access key).

  • Ensure the key status is ACTIVE.

3. Deleting All AWS Resources with Cloud-Nuke

Warning: Running Cloud-Nuke will delete all the resources in your AWS account, so proceed with caution as there’s no going back!

To delete all AWS resources, simply run:

cloud-nuke aws

This command will display the types and quantities of resources that are about to be deleted. It will then ask for confirmation before proceeding. To confirm, type nuke and hit enter.

4. Deleting Resources in a Specific AWS Region

If you want to delete resources in a specific region, you can specify the region using the --region flag:

cloud-nuke aws --region us-east-1

This will only affect resources in the us-east-1 region.

5. Listing Supported Resource Types

Cloud-Nuke doesn’t support all AWS resources. To list the supported resource types, run:

cloud-nuke aws --list-resource-types

6. Excluding Resources from Deletion

To exclude specific resources from being deleted, use the --exclude-resource-type flag:

cloud-nuke aws --exclude-resource-type s3 --exclude-resource-type ec2

7. Excluding Resources by Age

If you only want to delete resources that are older than a certain age, use the --older-than flag:

cloud-nuke aws --older-than 24h

8. Targeting Specific Resource Types

To target specific resource types, use the --resource-type flag:

cloud-nuke aws --resource-type ec2 --resource-type ami

This will focus the deletion process only on ec2 and ami resources. You can also use this flag to speed up the search process.

To inspect specific resource types without deleting them, run:

cloud-nuke inspect-aws --resource-type ec2
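
The flags from sections 4 to 8 combined into one guarded run, as an added example that is not from the original article or the cloud-nuke project: it checks which account the exported credentials belong to, refuses an unscoped run, and lists with inspect-aws before deleting. EXPECTED_ACCOUNT is a constructed placeholder and the function names are hypothetical; it assumes the AWS CLI is installed and that inspect-aws accepts the same --region and --older-than flags as the aws command.

```shell
#!/usr/bin/env bash
# Added example: guarded cloud-nuke run (not code from the article or project).
# EXPECTED_ACCOUNT is a constructed placeholder for your sandbox account ID.
EXPECTED_ACCOUNT="111111111111"

# Succeeds only when the caller's account ID is the expected sandbox account.
account_allowed() {
  [ -n "$1" ] && [ "$1" = "$EXPECTED_ACCOUNT" ]
}

# Build the scoping flags from a region, a minimum age and a list of types.
# Fails when region or age is missing, so an unscoped run cannot be built.
scope_args() {
  region=$1; age=$2; shift 2
  [ -n "$region" ] && [ -n "$age" ] || return 1
  args="--region $region --older-than $age"
  for t in "$@"; do args="$args --resource-type $t"; done
  printf '%s' "$args"
}

# Usage: guarded_nuke us-east-1 24h ec2 ami
guarded_nuke() {
  acct=$(aws sts get-caller-identity --query Account --output text) || return 1
  account_allowed "$acct" || { echo "refusing: account $acct is not the sandbox" >&2; return 1; }
  args=$(scope_args "$@") || { echo "refusing: region and age are required" >&2; return 1; }
  # $args is left unquoted on purpose so it splits into separate flags.
  # Read-only listing first; the delete below still asks you to type "nuke".
  cloud-nuke inspect-aws $args || return 1
  printf 'Delete the resources listed above? [y/N] '
  read -r answer
  [ "$answer" = "y" ] || return 1
  cloud-nuke aws $args
}
```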

9. Protecting Resources with the cloud-nuke-after Tag

To protect resources from accidental or premature deletion, you can tag them with cloud-nuke-after and specify a future date in the format 2024-07-09T00:00:00Z. This ensures that the resources remain intact until their designated expiration date.
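
Applying the tag from the command line, as an added example that is not from the original article or the cloud-nuke project: it validates the timestamp shape shown above, models the "protected until the date" rule as the article states it, and tags one resource with the AWS CLI. The function names and the instance ID are hypothetical, and it assumes the resource is an EC2 instance.

```shell
#!/usr/bin/env bash
# Added example: cloud-nuke-after tag helpers (not code from the article or
# project). The instance ID in the usage comment is a constructed placeholder.

# Succeeds when $1 has the exact shape 2024-07-09T00:00:00Z (UTC, seconds).
valid_stamp() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$'
}

# Succeeds while the tag value $1 is still later than the current time $2.
# Fixed-width UTC stamps sort as plain strings, so no date parsing is needed.
still_protected() {
  valid_stamp "$1" && valid_stamp "$2" || return 1
  awk -v tag="$1" -v now="$2" 'BEGIN { exit !((tag "") > (now "")) }'
}

# Tag one EC2 instance so it is kept until the given UTC timestamp.
protect_instance() {
  valid_stamp "$2" || { echo "bad timestamp: $2" >&2; return 1; }
  aws ec2 create-tags --resources "$1" --tags "Key=cloud-nuke-after,Value=$2"
}

# Usage (not run here):
#   protect_instance i-0123456789abcdef0 2024-07-09T00:00:00Z
```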


By using Cloud-Nuke, you can take control of your AWS resources and prevent unexpected cost spikes. However, always use this tool with caution, especially in production environments, as it can have significant consequences for your infrastructure. Happy nuking!
