Nuke gruntwork S3 buckets

dxxzdxxz · Oct 14, 2020 · 25c3de7 · 25c3de7
1 parent b3be887
commit 25c3de7
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 14 deletions.
diff --git a/.circleci/cloud_nuke_config.yml b/.circleci/cloud_nuke_config.yml
@@ -0,0 +1,19 @@
+s3:
+  include:
+    names_regex:
+      - '^cloudfront-example-[a-zA-Z0-9]{6}\.gruntwork\.in.*'
+      - '^acme-stage-static-[a-z0-9]{6}\.gruntwork\.in(-((logs)|(cloudfront-logs)))?$'
+      - '^gruntwork-terratest-[a-zA-Z0-9]{6}$'
+      - '^gw-cis-aws-config-all-regions-[a-zA-Z0-9]{6}-.*'
+      - '^houston-static-[a-zA-Z0-9]{12}.*'
+      - '^cloud-nuke-test-[a-z0-9]{12}'
+      - '^zookeeper-cluster-test-[a-z0-9]{6}'
+      - '^kafka-zk-standalone-[a-z0-9]{6}'
+      - '^nlb-testnlbaccesslogs[a-z0-9]{6}-access-logs'
+      - '^terragrunt-test-bucket-[a-z0-9]{6}'
+      - '^[a-z0-9]{6}-service-test-s3-bucket'
+      - '^[a-z0-9]{6}-ecs-service-test-s3-bucket'
+      - '^vault-module-test-[a-z0-9]{6}'
+      - '^tst-openvpn-[a-z0-9]{6}'
+      - '^openvpn-test-[a-z0-9]{6}'
+      - '^gruntwork-test-[a-z0-9]{6}-config-test$'
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -28,12 +28,11 @@ jobs:
       - checkout
       - run:
           command: |
-            # We explicitly list the resource types we want to nuke, as we are not ready to nuke some resource types in
-            # the AWS account we use at Gruntwork for testing (Phx DevOps) (e.g., S3)
+            # We use a config file to ensure that we only nuke the resources that we know relate to testing.
             go run main.go aws \
               --older-than 1h \
               --force \
-              --exclude-resource-type s3
+              --config ./.circleci/cloud_nuke_config.yml
           no_output_timeout: 1h
 
   nuke_sandbox:
@@ -44,12 +43,11 @@ jobs:
           command: |
             export AWS_ACCESS_KEY_ID=$SANDBOX_AWS_ACCESS_KEY_ID
             export AWS_SECRET_ACCESS_KEY=$SANDBOX_AWS_SECRET_ACCESS_KEY
-            # We explicitly list the resource types we want to nuke, as we are not ready to nuke some resource types in
-            # the AWS account we use at Gruntwork for testing (Sandbox) (e.g., S3)
+            # We use a config file to ensure that we only nuke the resources that we know relate to testing.
             go run main.go aws \
               --older-than 24h \
               --force \
-              --exclude-resource-type s3
+              --config ./.circleci/cloud_nuke_config.yml
           no_output_timeout: 1h
 
   deploy:
@@ -92,10 +90,7 @@ workflows:
             branches:
               only: master
     jobs:
-      - test
-      - nuke_phx_devops:
-          requires:
-            - test
+      - nuke_phx_devops
 
   nightly:
     triggers:
@@ -105,7 +100,4 @@ workflows:
             branches:
               only: master
     jobs:
-      - test
-      - nuke_sandbox:
-          requires:
-            - test
+      - nuke_sandbox