@@ -21,6 +21,17 @@ against some resources and not others.
2121Global works by taking all filters defined under ` __global__ ` and prepends to any filters found for a resource type. If
2222a resource does NOT have any filters defined, the ` __global__ ` ones will still be used.
2323
24+ Filters can only be defined under [ presets] ( #presets ) or [ account level] ( #account-level ) configurations.
25+
26+ ``` yaml
27+ presets :
28+ example :
29+ filters :
30+ __global__ :
31+ - property : tag:Name
32+ value : " aws-nuke"
33+ ` ` `
34+
2435## Filter Groups
2536
2637!!! important
@@ -32,14 +43,16 @@ if you want to delete all resources that are tagged with `env:dev` and `namespac
3243group :
3344
3445` ` ` yaml
35- filters :
36- ResourceType :
37- - property : tag:env
38- value : dev
39- group : group1
40- - property : tag:namespace
41- value : test
42- group : group2
46+ presets:
47+ example:
48+ filters:
49+ ResourceType:
50+ - property: tag:env
51+ value: dev
52+ group: group1
53+ - property: tag:namespace
54+ value: test
55+ group: group2
4356` ` `
4457
4558In this example, the `group1` and `group2` filters are AND'd together. This means that a resource must match both filters
@@ -54,21 +67,26 @@ In this example, we are ignoring all resources that have the tag `aws-nuke` set
5467a specific instance by its `id`. When the `EC2Instance` resource is processed, it will have both filters applied. These
5568
5669` ` ` yaml
57- __global__:
58- - property: tag:aws-nuke
59- value: "ignore"
60-
61- EC2Instance:
62- - "i-01b489457a60298dd"
70+ presets:
71+ example:
72+ filters:
73+ __global__:
74+ - property: tag:aws-nuke
75+ value: "ignore"
76+ EC2Instance:
77+ - "i-01b489457a60298dd"
6378` ` `
6479
6580This will ultimately render as the following filters for the `EC2Instance` resource :
6681
6782` ` ` yaml
68- EC2Instance:
69- - "i-01b489457a60298dd"
70- - property: tag:aws-nuke
71- value: "ignore"
83+ presets:
84+ example:
85+ filters:
86+ EC2Instance:
87+ - "i-01b489457a60298dd"
88+ - property: tag:aws-nuke
89+ value: "ignore"
7290` ` `
7391
7492# # Types
@@ -89,9 +107,12 @@ These types can be used to simplify the configuration. For example, it is possib
89107single user by using `glob` :
90108
91109` ` ` yaml
92- IAMUserAccessKey:
93- - type: glob
94- value: "admin -> *"
110+ presets:
111+ example:
112+ filters:
113+ IAMUserAccessKey:
114+ - type: glob
115+ value: "admin -> *"
95116` ` `
96117
97118# ## Exact
@@ -101,20 +122,26 @@ The identifier must exactly match the given string. **This is the default.**
101122Exact is just that, an exact match to a resource. The following examples are identical for the `exact` filter.
102123
103124` ` ` yaml
104- IAMUser:
105- - AWSNukeUser
106- - type: exact
107- value: AWSNukeUser
125+ presets:
126+ example:
127+ filters:
128+ IAMUser:
129+ - AWSNukeUser
130+ - type: exact
131+ value: AWSNukeUser
108132` ` `
109133
110134# ## Contains
111135
112136The `contains` filter is a simple string contains match. The following examples are identical for the `contains` filter.
113137
114138` ` ` yaml
115- IAMUser:
116- - type: contains
117- value: Nuke
139+ presets:
140+ example:
141+ filters:
142+ IAMUser:
143+ - type: contains
144+ value: Nuke
118145` ` `
119146
120147# ## Glob
@@ -124,9 +151,12 @@ wildcards like `*` and `?`. Note that globbing is designed for file paths, so th
124151separator (`/`). Details about the glob pattern can be found in the [library documentation](https://godoc.org/github.com/mb0/glob)
125152
126153` ` ` yaml
127- IAMUser:
128- - type: glob
129- value: "AWSNuke*"
154+ presets:
155+ example:
156+ filters:
157+ IAMUser:
158+ - type: glob
159+ value: "AWSNuke*"
130160` ` `
131161
132162# ## Regex
@@ -135,9 +165,12 @@ The identifier must match against the given regular expression. Details about th
135165in the [library documentation](https://golang.org/pkg/regexp/syntax/).
136166
137167` ` ` yaml
138- IAMUser:
139- - type: regex
140- value: "AWSNuke.*"
168+ presets:
169+ example:
170+ filters:
171+ IAMUser:
172+ - type: regex
173+ value: "AWSNuke.*"
141174` ` `
142175
143176# ## DateOlderThan
@@ -166,10 +199,13 @@ The value from the property is parsed as a timestamp and the following are the s
166199In the follow example we are filtering EC2 Images that have a `CreationDate` older than 1 hour.
167200
168201` ` ` yaml
169- EC2Image:
170- - type: dateOlderThan
171- property: CreationDate
172- value: 1h
202+ presets:
203+ example:
204+ filters:
205+ EC2Image:
206+ - type: dateOlderThan
207+ property: CreationDate
208+ value: 1h
173209` ` `
174210
175211# ## DateOlderThanNow
@@ -193,11 +229,14 @@ to the modified time. **Note:** you almost always want the value to be negative.
193229# ### Example with Invert
194230
195231` ` ` yaml
196- IAMRole:
197- - type: dateOlderThanNow
198- property: LastUsedDate
199- value: -12h
200- invert: true
232+ presets:
233+ example:
234+ filters:
235+ IAMRole:
236+ - type: dateOlderThanNow
237+ property: LastUsedDate
238+ value: -12h
239+ invert: true
201240` ` `
202241
203242If the current time is `2024-10-15T00:00:00Z`, then the modified now time is `2024-10-14T12:00:00Z`.
@@ -227,20 +266,26 @@ These types can be used to simplify the configuration. For example, it is possib
227266of a single user :
228267
229268` ` ` yaml
230- IAMUserAccessKey:
231- - property: UserName
232- value: "admin"
269+ presets:
270+ example:
271+ filters:
272+ IAMUserAccessKey:
273+ - property: UserName
274+ value: "admin"
233275` ` `
234276
235277# # Inverting
236278
237279Any filter result can be inverted by using `invert : true`, for example:
238280
239281` ` ` yaml
240- CloudFormationStack:
241- - property: Name
242- value: "foo"
243- invert: true
282+ presets:
283+ example:
284+ filters:
285+ CloudFormationStack:
286+ - property: Name
287+ value: "foo"
288+ invert: true
244289` ` `
245290
246291In this case *any* CloudFormationStack ***but*** the ones called "foo" will be filtered. Be aware that *aws-nuke*
@@ -252,10 +297,13 @@ It is also possible to use Filter Properties and Filter Types together. For exam
252297specific TLD :
253298
254299` ` ` yaml
255- Route53HostedZone:
256- - property: Name
257- type: glob
258- value: "*.rebuy.cloud."
300+ presets:
301+ example:
302+ filters:
303+ Route53HostedZone:
304+ - property: Name
305+ type: glob
306+ value: "*.rebuy.cloud."
259307` ` `
260308
261309# # Account Level
@@ -366,7 +414,7 @@ account-blocklist:
366414resource-types:
367415 # Specifying this in the configuration will ensure that only these three
368416 # resources are targeted by aws-nuke during it's run.
369- targets :
417+ includes :
370418 - S3Object
371419 - S3Bucket
372420 - IAMRole
@@ -392,8 +440,8 @@ accounts:
392440 555133742: {}
393441` ` `
394442
395- If targets are specified in multiple places (e.g. CLI and account specific), then a resource type must be specified in
396- all places. In other words each configuration limits the previous ones.
443+ If `includes` are specified in multiple places (e.g. CLI and account specific), then a resource type must be specified
444+ in all places. In other words each configuration limits the previous ones.
397445
398446If an exclude is used, then all its resource types will not be deleted.
399447
@@ -405,5 +453,5 @@ aws-nuke resource-types
405453
406454It is also possible to include and exclude resources using the command line arguments :
407455
408- - The `--target ` flag limits nuking to the specified resource types.
409- - The `--exclude` flag prevent nuking of the specified resource types.
456+ - The `--include ` flag limits nuking to the specified resource types.
457+ - The `--exclude` flag prevent nuking of the specified resource types.
0 commit comments