/aws-vpc-eradicator

Keep your AWS bills under control


VPC Eradicator! 💣

Tired of costly AWS bills because you forgot to delete a VPC once you were done with it? Hate going region by region in the AWS Console looking for every last resource? The VPC Eradicator 💣 is here to help!

Benefits:

💥 Keep at least a little of your money out of Jeff Bezos' pockets
💥 Stop clogging your AWS account with dead resources
💥 Your CTO will love you!

Risks:

💀 You'll save so much money, you'll be tempted to gamble it all when in Vegas for re:Invent, and will be savagely killed by the mob when you 10x your debts
💀 If your beverage of choice is tequila, you may want to skip the 'Grab a beverage' instruction now and then

No rewards without the risks, amiright?

Motivation:

The official AWS way to delete a VPC and its dependencies is to go into the AWS console and manually delete the VPC. In. Each. Region. So, if you have a default VPC in 16 or so regions that you want to delete, guess what you're doing for the next hour? 🤦

AWS refuses to add an --all-dependencies option to ec2 delete-vpc, so until they do (ha!), this may be the next best thing.

1. Setup

Best way: Deploy with Stackery

Use the Stackery CLI to create and deploy your serverless stack. After all, I created this app in Stackery and it made all the AWS permissions wrangling a breeze!

  1. In your terminal, enter:

    stackery create -n vpc-eradicator -p github --github-org <your github username> --blueprint-git-url https://github.com/bildungsroman/aws-vpc-eradicator/

(Developer's note: creating stacks based on existing git repos is a pro feature. If you're on the free developer plan, you can clone this stack the old fashioned way and use local deploy to deploy it to your AWS account.)

  2. Once your stack is created, deploy it to your AWS account:

    stackery deploy -n vpc-eradicator -e <your environment name> -r master --aws-profile <your AWS account profile>

    # Example:
    # stackery deploy -n vpc-eradicator -e dev -r master --aws-profile dev-account

  3. Grab a beverage as your stack deploys to CloudFormation

Acceptable way: Deploy with the AWS SAM CLI

  1. Clone this repo
  2. In the root of the repo, enter:

    sam deploy --template-file template.yaml --stack-name vpc-eradicator --profile <your AWS account profile> --region <the AWS region to deploy to>

    # Example:
    # sam deploy --template-file template.yaml --stack-name vpc-eradicator --profile dev-account --region us-west-2

  3. Grab a beverage as your stack deploys to CloudFormation

Worst way: Add stack and deploy in the AWS Console

...just, don't.

2. Testing

Testing is easy with Stackery's local invoke command!

  1. Clone your vpc-eradicator repo to your local machine

  2. cd to the function directory of the repo (typically cd vpc-eradicator/src/eradicateVPC)

  3. Run

    stackery local invoke --env-name <your deployed environment name> --aws-profile <the profile for the AWS account your stack is deployed to>
    
    # Example:
    # stackery local invoke --env-name dev --aws-profile dev-account
  4. You should see something like this in the console if all goes well:

2019-08-23T18:21:16.869Z        52fdfc07-2182-154f-163f-5f0f9a621d72    INFO    No VPCs found in ca-central-1, your money is safe for now!
2019-08-23T18:21:17.968Z        52fdfc07-2182-154f-163f-5f0f9a621d72    INFO    No VPCs found in ap-southeast-1, your money is safe for now!
2019-08-23T18:21:18.936Z        52fdfc07-2182-154f-163f-5f0f9a621d72    INFO    No VPCs found in ap-southeast-2, your money is safe for now!
2019-08-23T18:21:19.738Z        52fdfc07-2182-154f-163f-5f0f9a621d72    INFO    No VPCs found in eu-central-1, your money is safe for now!
2019-08-23T18:21:20.152Z        52fdfc07-2182-154f-163f-5f0f9a621d72    INFO    Oh noes! 1 VPC discovered in region us-east-1! Running eradicator.
...
2019-08-23T18:21:37.539Z        52fdfc07-2182-154f-163f-5f0f9a621d72    INFO    'vpc-09dsf5654123eaa' in region 'us-east-1' eradicated! Use that cash for something else!

Sweet!

If for some strange reason you don't use Stackery, you can invoke your deployed function using the AWS CLI's invoke command:

aws lambda invoke --function-name vpc-eradicator-dev-eradicateVPC output.log

This won't show your local changes, so you'll have to re-deploy each time you make a change to the function (so save your liver and get the Stackery CLI for local invoking already!).

Of course, there are many moving parts here, and any errors or failures to delete dependencies will likely prevent VPC deletion. At the moment, this is most foolproof against default VPCs. See the 'Known issues' section below, and consider contributing if you have any ideas for improvements!

Contributing

Yes, please! This AWS VPC stuff is confusing, and anyone willing and able to make this app better is my 🦸!

The only rules are document your stuff, and Wheaton's Law, of course.

Known issues/FAQ

CloudFormation stacks

If you deployed a VPC as part of a CloudFormation stack, you'll likely run into errors such as:

You are not allowed to manage 'ela-attach' attachments.

and then

The vpc 'vpc-...' has dependencies and cannot be deleted.

Unfortunately, network interfaces that are deployed as part of a CloudFormation stack can only be deleted in the AWS Console 😞

The good news is, you can undeploy the stack and get rid of all your VPC resources in one go:

stackery undeploy -n <the offending stack name> -e <environment name>

Network vpc-xxxx has some mapped public addresses

See this Stack Overflow thread for clarification.

How do you know the order of resource deletion?

I'm going by this thread on the AWS forums, but it's from 2012 so who knows. Try moving things around if the function doesn't work for you.
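An added example, not code from this repo: a dry-run planner that covers both the CloudFormation issue above and the ordering question. It skips VPCs that carry a CloudFormation stack tag or still have network interfaces, and otherwise lists one workable delete order for the dependencies a default VPC has. The name `planEradication`, the chosen order and the sample IDs are assumptions for illustration; the input objects use the field names of the EC2 Describe* responses.

```javascript
// Added example: dry-run planner; not code from the aws-vpc-eradicator repo.
// Input objects use the field names of the EC2 Describe* responses.
const CFN_TAG = 'aws:cloudformation:stack-name'; // tag CloudFormation puts on its resources

function planEradication(vpc, deps) {
  const skip = (reason) => ({ vpcId: vpc.VpcId, action: 'skip', reason, steps: [] });
  // A VPC created by a stack should go away by undeploying the stack instead.
  const stackTag = (vpc.Tags || []).find((t) => t.Key === CFN_TAG);
  if (stackTag) return skip(`managed by stack ${stackTag.Value}`);
  // Leftover network interfaces cause "has dependencies and cannot be deleted".
  const enis = (deps.NetworkInterfaces || []).map((e) => e.NetworkInterfaceId);
  if (enis.length > 0) return skip(`network interfaces present: ${enis.join(', ')}`);

  const steps = [];
  for (const igw of deps.InternetGateways || []) {
    steps.push(`DetachInternetGateway ${igw.InternetGatewayId}`);
    steps.push(`DeleteInternetGateway ${igw.InternetGatewayId}`);
  }
  for (const s of deps.Subnets || []) steps.push(`DeleteSubnet ${s.SubnetId}`);
  // The main route table, default network ACL and default security group
  // cannot be deleted on their own; they disappear with the VPC.
  for (const rt of deps.RouteTables || []) {
    const isMain = (rt.Associations || []).some((a) => a.Main);
    if (!isMain) steps.push(`DeleteRouteTable ${rt.RouteTableId}`);
  }
  for (const acl of deps.NetworkAcls || []) {
    if (!acl.IsDefault) steps.push(`DeleteNetworkAcl ${acl.NetworkAclId}`);
  }
  for (const sg of deps.SecurityGroups || []) {
    if (sg.GroupName !== 'default') steps.push(`DeleteSecurityGroup ${sg.GroupId}`);
  }
  steps.push(`DeleteVpc ${vpc.VpcId}`);
  return { vpcId: vpc.VpcId, action: 'delete', reason: 'no blockers found', steps };
}

// Constructed sample data; the IDs are placeholders, not real resources.
const defaultVpc = { VpcId: 'vpc-0example1', IsDefault: true, Tags: [] };
const defaultDeps = {
  InternetGateways: [{ InternetGatewayId: 'igw-0example' }],
  Subnets: [{ SubnetId: 'subnet-0exampleA' }, { SubnetId: 'subnet-0exampleB' }],
  RouteTables: [{ RouteTableId: 'rtb-0main', Associations: [{ Main: true }] }],
  NetworkAcls: [{ NetworkAclId: 'acl-0default', IsDefault: true }],
  SecurityGroups: [{ GroupId: 'sg-0default', GroupName: 'default' }],
  NetworkInterfaces: [],
};
const stackVpc = { VpcId: 'vpc-0example2', Tags: [{ Key: CFN_TAG, Value: 'my-stack' }] };

console.log(planEradication(defaultVpc, defaultDeps).steps);
console.log(planEradication(stackVpc, {}).reason);
```

Logging the plan per region before making any delete call gives you a record of what the function would remove and why it skipped the rest.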

What if I just want to know if there's an active VPC, but I don't want to delete it?

I also built a VPC warning email sender app that uses SES to email you when it detects a VPC.

Is there an equally entertaining blog post talking about the process of building this app?

Why yes there is, thanks for asking!

Who built this awesomeness/monstrosity (delete as necessary)?

My name is Anna, and I'm a software engineer building fun serverless stuff over at Stackery 👋