gruntwork-io/cloud-nuke

Config file excluding list not working

franky920920 opened this issue · 5 comments

Here's my config file:

cloudwatch-loggroup:
  exclude:
    names_regex:
     - ^/aws/lambda/cloudnuke-.*
iam-role:
  exclude:
    names_regex:
      - AdminRole
lambda:
  exclude:
    names_regex:
     - ^cloudnuke-CloudnukeFunction-.*

But the resources in the exclude list is not being excluded as expected. Here's the command output:

~/workspace/cloudnuke > cloud-nuke aws --region us-east-1 --config /tmp/config.yml                                                                              
 WARNING  This program sends telemetry to Gruntwork. To disable, set DISABLE_TELEMETRY=true as an environment variable


# AWS Resource Query Parameters
┌────────────────────────────────────────────────────────────────────┐
| Query Parameter         | Value                                    |
| ------------------------------------------------------------------ |
| Target Regions          | us-east-1                                |
| Target Resource Types   | 64 resource types (too many to list all) |
| List Unaliased KMS Keys | false                                    |
└────────────────────────────────────────────────────────────────────┘

 INFO  Found 1 cloudtrail resources in us-east-1                                                                                                                                                                
 INFO  Found 7 cloudwatch-loggroup resources in us-east-1                                                                                                                                                       
 INFO  Found 1 lambda resources in us-east-1                                                                                                                                                                    
 INFO  Found 1 lambda_layer resources in us-east-1                                                                                                                                                              
 INFO  Found 2 s3 resources in us-east-1                                                                                                                                                                        
 INFO  Done searching for resources                                                                                                                                                                             
                                                                                                                                                                                                                
# Found AWS Resources
┌───────────────────────────────────────────────────────────────────────────────────────────────────────┐
| Resource Type       | Region    | Identifier                                                          |
| ----------------------------------------------------------------------------------------------------- |
| cloudtrail          | us-east-1 | arn:aws:cloudtrail:us-east-1:123456789012:trail/organization-events |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/cloudnuke                                               |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/cloudnuke-CloudnukeFunction-1B8Pc4zAE8Pg                |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/cloudnuke-CloudnukeFunction-X3Yy0Rf9WE66                |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/cloudnuke-CloudnukeFunction-Zqcw8jdjVUuo                |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/iam-RandomStringLambdaFunction-C2AYRC2VHXAq             |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/iam-RandomStringLambdaFunction-iOK2uBNJQoGJ             |
| cloudwatch-loggroup | us-east-1 | /aws/lambda/iam2-RandomStringLambdaFunction-MsDzp8iFYNvl            |
| lambda              | us-east-1 | cloudnuke-CloudnukeFunction-X3Yy0Rf9WE66                            |
| lambda_layer        | us-east-1 | python-requests                                                     |
| s3                  | us-east-1 | cf-templates-xzv1s6iwynag-us-east-1                                 |
| s3                  | us-east-1 | aws-sam-cli-managed-default-samclisourcebucket-xsyframphoe4         |
└───────────────────────────────────────────────────────────────────────────────────────────────────────┘

Any help would be appreciated. Thanks!

Hi @franky920920 , can you try using any of the online regex pattern matching tool to see if your regex pattern is formatted as you want it. Don't you want something like this instead? .*cloudnuke-CloudnukeFunction-.*?

Tried both .* and ^ patterns but still not working. Tested pattern using regex101.com (https://regex101.com/r/KZ71oM/1)

This is one of the name of your lambda function you want to exclude when using cloud-nuke? cloudnuke-CloudnukeFunction-d9WOPbUbFQSP. I'll try to create one and reproduce the same error.

Inspected the issue in depth. The config file is not in the right format.
The config key should be CloudWatchLogGroup instead of cloudwatch-loggroup.

You can find the list of config key from the README file.

Closing this issue now. Reach out if you continue to face the same issue.