The nuclear option to housekeeping
cloud-nuke is a tool you can use to completely obliterate resources in your AWS account. That’s right. Completely. Obliterate.
Why on earth would you want to do that, I hear you cry? We’re in the business of building clouds, not destroying them. Well, there are actually several very good reasons.
Several very good reasons
- Training accounts
We have an AWS account we call “The Playground.” The sole purpose of the playground account is to facilitate training and skill development for our staff. It’s a great tool to have, but inevitably, someone creates resources and then forgets about them. They then sit there wasting energy and money. Nuke ’em!
- Decommissions
Every so often, we need to wind down an AWS account completely. I’ve often spent a day or more going through the bills, seeing what we’re still being charged for, and deleting it. Nuke ’em!
- Fresh starts
Sometimes resources have been created in a test environment, and you want to start over. I’m a big believer in “build one to throw one away.” Also, I love to bury my head in the sand and pretend my mistakes never happened, so I nuke ’em.
- Cost reduction
You can use this to clear out resources older than X amount of time. For example, clearing down any EBS snapshots older than 1 week. Go check your EBS snapshots, I guarantee* there’s a ton of old ones sitting around costing you money.
*No actual guarantee
- Very brave/stupid chaos engineering
OK, this one is a real edge case, but you can use cloud-nuke to wipe out entire regions or entire resource types. AWS region or AZ failures are rare, but when they do happen, disaster ensues. A recent eu-west-2 outage in London took out Slack for most of the UK, for example. Failing over to another region can mitigate this. I’m also a big…
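The age-based cleanup from the cost-reduction item above, as an added example rather than code from the original post or from the cloud-nuke project: a small wrapper that previews with a dry run by default and only deletes when told to. The function name and the CLOUD_NUKE_BIN variable are hypothetical, and the flags and the "snap" resource type are assumed from cloud-nuke's "aws" subcommand, so check them against "cloud-nuke aws --help" for your version.

```shell
# Added example: guarded wrapper for clearing EBS snapshots older than a given age.
# Assumption: cloud-nuke is on PATH (override with CLOUD_NUKE_BIN, a name made up here).

# nuke_old_snapshots REGION AGE [apply]
#   REGION  one AWS region to scope the run to, e.g. eu-west-2
#   AGE     minimum age in whole hours, e.g. 168h for 1 week
#   apply   the literal word "apply" deletes; anything else only previews
nuke_old_snapshots() {
  region="$1"
  age="$2"
  mode="${3:-preview}"
  bin="${CLOUD_NUKE_BIN:-cloud-nuke}"

  # Refuse to run without a plausible single region, so the run stays scoped.
  case "$region" in
    ""|*[!a-z0-9-]*) echo "refusing: '$region' is not a region name" >&2; return 2 ;;
    [a-z][a-z]-*-[0-9]) ;;
    *) echo "refusing: '$region' is not a region name" >&2; return 2 ;;
  esac

  # Require an explicit, non-zero age so a typo cannot select every snapshot.
  case "$age" in
    ""|0*|*[!0-9h]*|*h?*) echo "refusing: age must look like 168h" >&2; return 2 ;;
    *[0-9]h) ;;
    *) echo "refusing: age must look like 168h" >&2; return 2 ;;
  esac

  # Build the argument list: snapshots only, one region, older than AGE.
  set -- aws --region "$region" --resource-type snap --older-than "$age"

  # Default to a preview that lists what would be deleted and deletes nothing.
  [ "$mode" = "apply" ] || set -- "$@" --dry-run

  "$bin" "$@"
}
```

Run it once without the third argument, read the list it prints, and only then repeat the same call with "apply".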