Automatically remove cloud and kubernetes resources based on a time to leave tag, ttl.
Protect resources from deletion with a protection tag, do_no_delete.
NOTE: this project is used in Qovery's production environment
- AWS
- Document db databases
- Elasticache databases
- RDS databases
- EBS volumes
- ELB load balancers
- EC2 Key pairs
- ECR repositories
- EKS clusters
- IAM groups
- IAM users
- IAM policies
- IAM roles
- Cloudwatch logs
- KMS keys
- VPC vpcs
- VPC internet gateways
- VPC route tables
- VPC subnets
- VPC security groups
- S3 buckets
- DIGITAL OCEAN
- AZURE
- GCP
You can find a helm chart here, a docker image here and all binaries are on github.
In order to make pleco check and clean expired aws resources you need to set the following environment variables:
$ export AWS_ACCESS_KEY_ID=<access_key>
$ export AWS_SECRET_ACCESS_KEY=<secret_key>A pleco command has the following structure:
pleco start [options]You can set the debug level with:
--level <log level>Default is "info"
You can set the interval between two pleco's check with:
--check-interval, -i <time in seconds>Default is "120"
If you disable dry run, pleco will delete expired resources. If not it will only tells you how many resources are expired.
You can disable dry-run with:
--disable-dry-run, -yDefault is "false"
When pleco's look for expired resources, it will do it by aws region.
You can set region(s) with:
--aws-regions, -a <region(s)>For exemple:
-a eu-west-3,us-east-2When pleco is running you have to specify which resources expiration will be checked.
Here are some the resources you can check:
--enable-eks, -e # Enable EKS watch
--enable-iam, -u # Enable IAM watch (groups, policies, roles, users)pleco start --level debug -i 240 -a eu-west-3 -e -r -m -c -l -b -p -s -w -n -u -z -o -y