AWSweeper wipes out all (or parts) of the resources in your AWS account. Resources to be deleted can be filtered by their ID, tags or creation date using regular expressions declared in a yaml file (see config.yml).
AWSweeper can delete many, but not all resources yet. Your help supporting more resources is very much appreciated (please read this issue to see how easy it is). Note that AWSweeper is based on the cloud-agnostic Terraform API for deletion - so it's planned to support deleting Azure and Google Cloud Platform resources soon, too.
Happy erasing!
Releases for your platform are here.
    awsweeper [options] <config.yml>

To see the available options, run awsweeper --help.
Resources to be deleted are filtered by a yaml configuration. To learn how, have a look at the following example:
    aws_instance:
      - id: ^foo.*
        tags:
          foo: bar
          bla: blub
        created:
          before: 2018-06-14
          after: 2018-10-28 12:28:39 +0000
      - tags:
          foo: bar
        created:
          before: 2018-06-14
    aws_iam_role:

This config would delete all instances whose ID matches ^foo.* and which have tags foo: bar and bla: blub and which have been created between 2018-10-28 12:28:39 +0000 UTC and 2018-06-14. Additionally, it would delete instances with tag foo: bar and which are older than 2018-06-14.
Furthermore, this config would delete all IAM roles, as there is no list of filters provided for this resource type.
The general syntax of the filter config is as follows:
    <resource type>:
      # filter 1
      - id: <regex to filter by id>
        tags:
          <key>: <regex to filter value>
          ...
        created:
          before: <timestamp> (optional)
          after: <timestamp> (optional)
      # filter 2
      - ...
    <resource type>:
      ...

A more detailed description of the ways to filter resources:
Terraform types are used to identify resources of a particular type (e.g., aws_security_group selects all resources that are security groups, aws_iam_role all roles, or aws_instance all EC2 instances).
In the example above, by simply adding aws_security_group: (no further filters for IDs or tags), all security groups in your account would be deleted. Use all.yml to delete all (currently supported) resources.
You can narrow down on particular types of resources by the tags they have.
If most of your resources have tags, this is probably the best way to filter them for deletion. But be aware: not all resources support tags and can be filtered this way.
In the example above, all EC2 instances are terminated that have a tag with key foo and value bar as well as a tag with key bla and value blub.
You can narrow down on particular types of resources by filtering on their IDs.
To see what the IDs of your resources are (could be their name, ARN, a random number), run awsweeper in dry-run mode: awsweeper --dry-run all.yml. This way, nothing is deleted but all the IDs and tags of your resources are printed. Then, use this information to create the yaml file.
In the example above, all roles whose name starts with foo are deleted (the ID of roles is their name).
You can select resources by filtering on the date they have been created.
Use awsweeper --dry-run <config.yml> to only show what would be deleted. This way, you can fine-tune your yaml configuration until it works the way you want it to.
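The filter rules described above (all conditions inside one filter must hold, any one filter is enough, and a type listed without filters selects everything of that type) can be modelled offline before a config is reviewed. This is an added example, not AWSweeper's own code: the inventory, the function names and the choice of unanchored regex search with strict before/after comparison are assumptions.

```python
import re
from datetime import datetime, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# The page's second aws_instance filter and its filterless aws_iam_role entry,
# written as the mapping a YAML loader returns (an empty value loads as None).
CONFIG = {
    "aws_instance": [{"tags": {"foo": "bar"}, "created": {"before": utc(2018, 6, 14)}}],
    "aws_iam_role": None,
}

# Constructed inventory (none of these resources exist): type, id, tags, created.
INVENTORY = [
    ("aws_instance", "i-old", {"foo": "bar"}, utc(2018, 1, 1)),
    ("aws_instance", "i-new", {"foo": "bar"}, utc(2019, 1, 1)),
    ("aws_instance", "i-untagged", {}, utc(2018, 1, 1)),
    ("aws_iam_role", "admin", {}, utc(2017, 1, 1)),
    ("aws_vpc", "vpc-1", {}, utc(2017, 1, 1)),
]

def matches(flt, rid, tags, created):
    """True when the resource meets every condition set in one filter (AND)."""
    window = flt.get("created", {})
    return (
        re.search(flt.get("id", ""), rid) is not None  # assumption: unanchored
        and all(k in tags and re.search(rx, tags[k]) for k, rx in flt.get("tags", {}).items())
        and ("before" not in window or created < window["before"])
        and ("after" not in window or created > window["after"])
    )

def selected(config, inventory):
    """IDs the config would pick: any filter may match (OR); no filters picks all."""
    picked = []
    for rtype, rid, tags, created in inventory:
        if rtype not in config:
            continue  # types not listed in the config are not selected
        filters = config[rtype] or []
        if not filters or any(matches(f, rid, tags, created) for f in filters):
            picked.append(rid)
    return picked

def unfiltered_types(config):
    """Resource types listed without filters: everything of that type is selected."""
    return sorted(t for t, f in config.items() if not f)

if __name__ == "__main__":
    print("would delete:", selected(CONFIG, INVENTORY))
    print("delete-all types:", unfiltered_types(CONFIG))
```

The output of awsweeper --dry-run <config.yml> remains the authoritative preview; this model only makes the AND/OR rules and the filterless-type case easy to check in review.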
AWSweeper can currently delete many but not all of the existing types of AWS resources:
- aws_ami
- aws_autoscaling_group
- aws_cloudformation_stack
- aws_ebs_snapshot
- aws_ebs_volume
- aws_efs_file_system
- aws_eip
- aws_elb
- aws_iam_group
- aws_iam_instance_profile
- aws_iam_policy
- aws_iam_role
- aws_iam_user
- aws_instance
- aws_internet_gateway
- aws_key_pair
- aws_kms_alias
- aws_kms_key
- aws_launch_configuration
- aws_nat_gateway
- aws_network_acl
- aws_network_interface
- aws_route53_zone
- aws_route_table
- aws_s3_bucket
- aws_security_group
- aws_subnet
- aws_vpc
- aws_vpc_endpoint
Note that the above list contains Terraform types which must be used instead of AWS resource types to identify resources in the yaml configuration. The reason is that AWSweeper is built upon the already existing delete routines provided by the Terraform AWS provider.
WARNING: Running acceptance tests creates real resources that might cost you money.
Run all acceptance tests with

    make testacc

or use

    make testacc TESTARGS='-run=TestAccVpc*'

to test the working of AWSweeper for just a single resource, such as aws_vpc.
This tool is thoroughly tested. However, you are using this tool at your own risk! I will not take any responsibility if you delete any critical resources in your production environments.