gruntwork-io/cloud-nuke

Config file excluding list not working

Closed this issue · 5 comments

Here's my config file:

```yaml
cloudwatch-loggroup:
  exclude:
    names_regex:
     - ^/aws/lambda/cloudnuke-.*
iam-role:
  exclude:
    names_regex:
      - AdminRole
lambda:
  exclude:
    names_regex:
     - ^cloudnuke-CloudnukeFunction-.*
```

But the resources in the exclude list are not being excluded as expected. Here's the command output:

```
~/workspace/cloudnuke > cloud-nuke aws --region us-east-1 --config /tmp/config.yml
 WARNING  This program sends telemetry to Gruntwork. To disable, set DISABLE_TELEMETRY=true as an environment variable


# AWS Resource Query Parameters
┌────────────────────────────────────────────────────────────────────┐
| Query Parameter         | Value                                    |
| ------------------------------------------------------------------ |
| Target Regions          | us-east-1                                |
| Target Resource Types   | 64 resource types (too many to list all) |
| List Unaliased KMS Keys | false                                    |
└────────────────────────────────────────────────────────────────────┘

 INFO  Found 1 cloudtrail resources in us-east-1
 INFO  Found 7 cloudwatch-loggroup resources in us-east-1
 INFO  Found 1 lambda resources in us-east-1
 INFO  Found 1 lambda_layer resources in us-east-1
 INFO  Found 2 s3 resources in us-east-1
 INFO  Done searching for resources

# Found AWS Resources
┌───────────────────────────────────────────────────────────────────────────────────────────────────────┐
| Resource Type       | Region    | Identifier                                                          |
| ----------------------------------------------------------------------------------------------------- |
| cloudtrail          | us-east-1 | arn:aws:cloudtrail:us-east-1:123456789012:trail/organization-events |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/cloudnuke                                               |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/cloudnuke-CloudnukeFunction-1B8Pc4zAE8Pg                |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/cloudnuke-CloudnukeFunction-X3Yy0Rf9WE66                |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/cloudnuke-CloudnukeFunction-Zqcw8jdjVUuo                |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/iam-RandomStringLambdaFunction-C2AYRC2VHXAq             |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/iam-RandomStringLambdaFunction-iOK2uBNJQoGJ             |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/iam2-RandomStringLambdaFunction-MsDzp8iFYNvl            |
| lambda              | us-east-1 | cloudnuke-CloudnukeFunction-X3Yy0Rf9WE66                            |
| lambda_layer        | us-east-1 | python-requests                                                     |
| s3                  | us-east-1 | cf-templates-xzv1s6iwynag-us-east-1                                 |
| s3                  | us-east-1 | aws-sam-cli-managed-default-samclisourcebucket-xsyframphoe4         |
└───────────────────────────────────────────────────────────────────────────────────────────────────────┘
```

Any help would be appreciated. Thanks!

Hi @franky920920, can you try using one of the online regex pattern matching tools to see if your regex pattern is formatted as you want it? Don't you want something like this instead: `.*cloudnuke-CloudnukeFunction-.*`?

Tried both .* and ^ patterns but still not working. Tested pattern using regex101.com (https://regex101.com/r/KZ71oM/1)

Is this one of the names of the Lambda functions you want to exclude when using cloud-nuke: `cloudnuke-CloudnukeFunction-d9WOPbUbFQSP`? I'll try to create one and reproduce the same error.

Inspected the issue in depth. The config file is not in the right format.
The config key should be CloudWatchLogGroup instead of cloudwatch-loggroup.

You can find the list of config keys in the README file.

Closing this issue now. Reach out if you continue to face the same issue.
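
A pre-flight check for the failure in this thread, where a config keyed by CLI resource-type names was accepted without error and its exclusions never applied. This is an added example, not cloud-nuke's own code. It assumes unanchored Go `regexp` matching, and the function names and the minimal top-level-key scanner are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Only CloudWatchLogGroup is confirmed in this thread; copy the remaining
// keys from the README of the cloud-nuke version you run.
var knownKeys = map[string]bool{"CloudWatchLogGroup": true}

// unknownTopLevelKeys returns top-level mapping keys that are not in known.
// Minimal scanner: assumes block-style YAML with unindented, unquoted keys.
func unknownTopLevelKeys(cfg string, known map[string]bool) []string {
	var bad []string
	for _, line := range strings.Split(cfg, "\n") {
		if line == "" || strings.ContainsRune(" \t#-", rune(line[0])) {
			continue // blank, nested, comment or list item
		}
		if i := strings.Index(line, ":"); i > 0 && !known[line[:i]] {
			bad = append(bad, line[:i])
		}
	}
	return bad
}

// stillTargeted returns the identifiers that no exclude pattern matches.
func stillTargeted(ids, patterns []string) []string {
	var out []string
next:
	for _, id := range ids {
		for _, p := range patterns {
			if regexp.MustCompile(p).MatchString(id) {
				continue next
			}
		}
		out = append(out, id)
	}
	return out
}

// Config text copied from the issue above.
const issueConfig = "cloudwatch-loggroup:\n  exclude:\n    names_regex:\n     - ^/aws/lambda/cloudnuke-.*\n" +
	"iam-role:\n  exclude:\n    names_regex:\n      - AdminRole\n" +
	"lambda:\n  exclude:\n    names_regex:\n     - ^cloudnuke-CloudnukeFunction-.*\n"

func main() {
	fmt.Println("unrecognised keys:", unknownTopLevelKeys(issueConfig, knownKeys))
}
```

Running `stillTargeted` over the log group names from the output above also shows that `/aws/lambda/cloudnuke` (no trailing hyphen) is not covered by `^/aws/lambda/cloudnuke-.*`, so it would remain targeted even with the correct key.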