Update to use ekristen aws-nuke
The original aws-nuke has been officially deprecated in favor of ekristen's fork. This updates the action to use this binary, and also updates the config file for use with this new binary.
nb1701 committed Sep 9, 2024
1 parent 48bd483 commit de87f7e
Showing 2 changed files with 32 additions and 17 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/e2e-test.yaml
Expand Up @@ -40,9 +40,9 @@ jobs:
- id: get-nuke
name: Get aws-nuke
run: |
wget https://github.com/rebuy-de/aws-nuke/releases/download/v2.25.0/aws-nuke-v2.25.0-linux-amd64.tar.gz -O aws-nuke-v2.25.0-linux-amd64.tar.gz
tar -xzf aws-nuke-v2.25.0-linux-amd64.tar.gz
sudo mv aws-nuke-v2.25.0-linux-amd64 /aws-nuke
wget https://github.com/ekristen/aws-nuke/releases/download/v3.17.3/aws-nuke-v3.17.3-linux-amd64.tar.gz -O aws-nuke-v3.17.3-linux-amd64.tar.gz
tar -xzf aws-nuke-v3.17.3-linux-amd64.tar.gz
sudo mv aws-nuke-v3.17.3-linux-amd64 /aws-nuke
sudo chmod u+x /aws-nuke
- id: get-aws-creds
Expand All @@ -54,7 +54,7 @@ jobs:
aws-region: us-east-1

- name: Pre nuke
run: /aws-nuke --config $GITHUB_WORKSPACE/cloud-deploy-infra/e2e-test/nuke.yaml --no-dry-run --force --force-sleep=3
run: /aws-nuke run --config $GITHUB_WORKSPACE/cloud-deploy-infra/e2e-test/nuke.yaml --no-dry-run --force --force-sleep=3

- name: Run bin/setup
run: |
Expand All @@ -73,7 +73,7 @@ jobs:
with:
timeout_minutes: 10
max_attempts: 3
command: /aws-nuke --config $GITHUB_WORKSPACE/cloud-deploy-infra/e2e-test/nuke.yaml --no-dry-run --force --force-sleep=3
command: /aws-nuke run --config $GITHUB_WORKSPACE/cloud-deploy-infra/e2e-test/nuke.yaml --no-dry-run --force --force-sleep=3
- name: Notify Slack Complete
if: always()
uses: slackapi/slack-github-action@v1
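Review bot: The `Get aws-nuke` step installs the downloaded release tarball without any integrity check, and the resulting binary is then run with `--no-dry-run --force` under the AWS credentials configured in the following step. Pinning the tag in the URL does not pin the bytes, because a release asset can be replaced after publication; add a digest check between the `wget` and `tar` lines, e.g. `echo "<EXPECTED_SHA256>  aws-nuke-v3.17.3-linux-amd64.tar.gz" | sha256sum -c -` (placeholder: use the digest recorded when this version was vetted). It is also worth confirming that the new project's archive still unpacks a file named `aws-nuke-v3.17.3-linux-amd64`, since the `mv` line carries over the old project's layout. The job's step list starts and ends outside these hunks.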
39 changes: 27 additions & 12 deletions e2e-test/nuke.yaml
Expand Up @@ -2,14 +2,40 @@ regions:
- us-east-1
- global

account-blocklist:
blocklist:
- "664198874744"
- "305584670637"
- "496466114051"
- "559421412203"
- "859704899281"
- "098472360576"

# A lot of these are ones that aws-nuke can't read anyway, either because
# the service is no longer supported or isn't enabled for our accounts.
# Excluding them saves time when aws-nuke is doing its initial query and
# prevents errors that are not really errors from showing up.
resource-types:
excludes:
- AppStreamImage
- CloudSearchDomain
- CodeStarProject
- ElasticacheCacheParameterGroup
- FMSNotificationChannel
- FMSPolicy
- MachineLearningBranchPrediction
- MachineLearningDataSource
- MachineLearningEvaluation
- MachineLearningMLModel
- OpsWorksApp
- OpsWorksCMBackup
- OpsWorksCMServer
- OpsWorksCMServerState
- OpsWorksInstance
- OpsWorksLayer
- OpsWorksUserProfile
- OSPackage
- ResourceExplorer2Index

accounts:
"296877675213": # civiform-deploy-e2e-tests AWS account.
filters:
Expand All @@ -23,8 +49,6 @@ accounts:
IAMRole:
- "OrganizationAccountAccessRole"
- "e2e-test-runner"
- property: "Name"
regex: "^AWSReservedSSO_.+$"
- property: "Name"
type: glob
value: "*-deploy-action"
Expand All @@ -34,21 +58,12 @@ accounts:
IAMRolePolicyAttachment:
- "OrganizationAccountAccessRole -> AdministratorAccess"
- "e2e-test-runner -> AdministratorAccess"
- property: "RoleName"
regex: "^AWSReservedSSO_.+$"
- property: "RoleName"
type: glob
value: "*-deploy-action"
IAMSAMLProvider:
- type: glob
value: "arn:aws:iam::*:saml-provider/AWSSSO_*"
OpsWorksUserProfile:
- type: glob
value: "arn:aws:sts::*:assumed-role/OrganizationAccountAccessRole/*"
OSPackage:
- property: "PackageName"
type: regex
value: "^(analysis-\\w+|amazon-personalized-ranking)*"
IAMUser:
- 'e2e-test-runner'
IAMUserAccessKey:
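Review bot: Removing the two `AWSReservedSSO_.+` entries under `IAMRole` and `IAMRolePolicyAttachment` leaves nothing in this file that protects the SSO-provisioned roles, while the workflow runs this config with `--no-dry-run --force`. If the new binary skips those roles by itself, say so in a comment next to the remaining filters so the next editor does not take the removal for an accident, e.g. `# AWSReservedSSO_* roles need no filter here; confirmed skipped by the tool in a dry run`. If that has not been confirmed, restore the protection in the form the other entries use: `- property: "Name"`, `type: regex`, `value: "^AWSReservedSSO_.+$"` (and `RoleName` for the policy attachments). The `accounts` mapping starts and ends outside these hunks, so the rest of the filter list was not reviewed.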
