Merge branch 'main' into oreilly-main

Author: danarbaugh

README.md

@@ -612,10 +612,10 @@ The easiest way of installing it, is to download the latest
 #### Example for Linux Intel/AMD
 
 Download and extract
-`$ wget -c https://github.com/rebuy-de/aws-nuke/releases/download/v2.22.1/aws-nuke-v2.22.1-linux-amd64.tar.gz -O - | tar -xz -C $HOME/bin`
+`$ wget -c https://github.com/rebuy-de/aws-nuke/releases/download/v2.23.0/aws-nuke-v2.23.0-linux-amd64.tar.gz -O - | tar -xz -C $HOME/bin`
 
 Run
-`$ aws-nuke-v2.22.1-linux-amd64`
+`$ aws-nuke-v2.23.0-linux-amd64`
 
 ### Compile from Source
 
@@ -639,7 +639,7 @@ $ docker run \
     --rm -it \
     -v /full-path/to/nuke-config.yml:/home/aws-nuke/config.yml \
     -v /home/user/.aws:/home/aws-nuke/.aws \
-    quay.io/rebuy/aws-nuke:v2.22.1 \
+    quay.io/rebuy/aws-nuke:v2.23.0 \
     --profile default \
     --config /home/aws-nuke/config.yml
 ```

go.mod

@@ -3,17 +3,17 @@ module github.com/rebuy-de/aws-nuke/v2
 go 1.19
 
 require (
-	github.com/aws/aws-sdk-go v1.44.251
+	github.com/aws/aws-sdk-go v1.44.295
 	github.com/fatih/color v1.15.0
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.3.0
 	github.com/mb0/glob v0.0.0-20160210091149-1eb79d2de6c4
 	github.com/pkg/errors v0.9.1
 	github.com/rebuy-de/rebuy-go-sdk/v4 v4.5.1
-	github.com/sirupsen/logrus v1.9.0
+	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.7.0
-	github.com/stretchr/testify v1.8.2
-	golang.org/x/sync v0.1.0
+	github.com/stretchr/testify v1.8.4
+	golang.org/x/sync v0.3.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 

go.sum

@@ -1,5 +1,5 @@
-github.com/aws/aws-sdk-go v1.44.251 h1:unCIT7a/BkYvJ/43D0Ts/0aRbWDMQM0SUzBtdsKPwCg=
-github.com/aws/aws-sdk-go v1.44.251/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.295 h1:SGjU1+MqttXfRiWHD6WU0DRhaanJgAFY+xIhEaugV8Y=
+github.com/aws/aws-sdk-go v1.44.295/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -42,22 +42,18 @@ github.com/rebuy-de/rebuy-go-sdk/v4 v4.5.1 h1:7QWjC0uku9pIqTXS664clCMjqhZLjO/sUV
 github.com/rebuy-de/rebuy-go-sdk/v4 v4.5.1/go.mod h1:ZSfnIcE8RFKz7IO6AFZjETDbPyMdUjtxCea9R7Q6pQE=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -78,8 +74,8 @@ golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

pkg/config/config.go

@@ -37,8 +37,9 @@ type Nuke struct {
 }
 
 type FeatureFlags struct {
-	DisableDeletionProtection  DisableDeletionProtection `yaml:"disable-deletion-protection"`
-	ForceDeleteLightsailAddOns bool                      `yaml:"force-delete-lightsail-addons"`
+	DisableDeletionProtection        DisableDeletionProtection `yaml:"disable-deletion-protection"`
+	DisableEC2InstanceStopProtection bool                      `yaml:"disable-ec2-instance-stop-protection"`
+	ForceDeleteLightsailAddOns       bool                      `yaml:"force-delete-lightsail-addons"`
 }
 
 type DisableDeletionProtection struct {

resources/cloudcontrol.go

@@ -26,6 +26,10 @@ func init() {
 	registerCloudControl("AWS::AppRunner::Service")
 	registerCloudControl("AWS::ApplicationInsights::Application")
 	registerCloudControl("AWS::Backup::Framework")
+	registerCloudControl("AWS::ECR::PublicRepository")
+	registerCloudControl("AWS::ECR::PullThroughCacheRule")
+	registerCloudControl("AWS::ECR::RegistryPolicy")
+	registerCloudControl("AWS::ECR::ReplicationConfiguration")
 	registerCloudControl("AWS::MWAA::Environment")
 	registerCloudControl("AWS::Synthetics::Canary")
 	registerCloudControl("AWS::Timestream::Database")

resources/cloudfront-function.go

@@ -0,0 +1,70 @@
+package resources
+
+import (
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/cloudfront"
+	"github.com/rebuy-de/aws-nuke/v2/pkg/types"
+)
+
+type CloudFrontFunction struct {
+	svc   *cloudfront.CloudFront
+	name  *string
+	stage *string
+}
+
+func init() {
+	register("CloudFrontFunction", ListCloudFrontFunctions)
+}
+
+func ListCloudFrontFunctions(sess *session.Session) ([]Resource, error) {
+	svc := cloudfront.New(sess)
+	resources := []Resource{}
+	params := &cloudfront.ListFunctionsInput{}
+
+	for {
+		resp, err := svc.ListFunctions(params)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, item := range resp.FunctionList.Items {
+			resources = append(resources, &CloudFrontFunction{
+				svc:   svc,
+				name:  item.Name,
+				stage: item.FunctionMetadata.Stage,
+			})
+		}
+
+		if resp.FunctionList.NextMarker == nil {
+			break
+		}
+
+		params.Marker = resp.FunctionList.NextMarker
+
+	}
+	return resources, nil
+}
+
+func (f *CloudFrontFunction) Remove() error {
+	resp, err := f.svc.GetFunction(&cloudfront.GetFunctionInput{
+		Name:  f.name,
+		Stage: f.stage,
+	})
+	if err != nil {
+		return err
+	}
+
+	_, err = f.svc.DeleteFunction(&cloudfront.DeleteFunctionInput{
+		Name:    f.name,
+		IfMatch: resp.ETag,
+	})
+
+	return err
+}
+
+func (f *CloudFrontFunction) Properties() types.Properties {
+	properties := types.NewProperties()
+	properties.Set("name", f.name)
+	properties.Set("stage", f.stage)
+	return properties
+}

resources/cloudfront-origin-access-control.go

@@ -0,0 +1,66 @@
+package resources
+
+import (
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/cloudfront"
+	"github.com/rebuy-de/aws-nuke/v2/pkg/types"
+)
+
+type CloudFrontOriginAccessControl struct {
+	svc *cloudfront.CloudFront
+	ID  *string
+}
+
+func init() {
+	register("CloudFrontOriginAccessControl", ListCloudFrontOriginAccessControls)
+}
+
+func ListCloudFrontOriginAccessControls(sess *session.Session) ([]Resource, error) {
+	svc := cloudfront.New(sess)
+	resources := []Resource{}
+	params := &cloudfront.ListOriginAccessControlsInput{}
+
+	for {
+		resp, err := svc.ListOriginAccessControls(params)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, item := range resp.OriginAccessControlList.Items {
+			resources = append(resources, &CloudFrontOriginAccessControl{
+				svc: svc,
+				ID:  item.Id,
+			})
+		}
+
+		if !*resp.OriginAccessControlList.IsTruncated {
+			break
+		}
+
+		params.Marker = resp.OriginAccessControlList.NextMarker
+	}
+
+	return resources, nil
+}
+
+func (f *CloudFrontOriginAccessControl) Remove() error {
+	resp, err := f.svc.GetOriginAccessControl(&cloudfront.GetOriginAccessControlInput{
+		Id: f.ID,
+	})
+	if err != nil {
+		return err
+	}
+
+	_, err = f.svc.DeleteOriginAccessControl(&cloudfront.DeleteOriginAccessControlInput{
+		Id:      f.ID,
+		IfMatch: resp.ETag,
+	})
+
+	return err
+}
+
+func (f *CloudFrontOriginAccessControl) Properties() types.Properties {
+	properties := types.NewProperties()
+	properties.Set("ID", f.ID)
+	return properties
+}

resources/ec2-instances.go

@@ -72,28 +72,59 @@ func (i *EC2Instance) Remove() error {
 
 	_, err := i.svc.TerminateInstances(params)
 	if err != nil {
-		if i.featureFlags.DisableDeletionProtection.EC2Instance {
-			awsErr, ok := err.(awserr.Error)
-			if ok && awsErr.Code() == "OperationNotPermitted" &&
-				awsErr.Message() == "The instance '"+*i.instance.InstanceId+"' may not be terminated. "+
-					"Modify its 'disableApiTermination' instance attribute and try again." {
-				err = i.DisableProtection()
-				if err != nil {
-					return err
-				}
-				_, err := i.svc.TerminateInstances(params)
-				if err != nil {
-					return err
-				}
-				return nil
+		awsErr, ok := err.(awserr.Error)
+		// Check for Termination Protection, disable it, and try termination again.
+		if ok && awsErr.Code() == "OperationNotPermitted" &&
+			awsErr.Message() == "The instance '"+*i.instance.InstanceId+"' may not be "+
+				"terminated. Modify its 'disableApiTermination' instance attribute and "+
+				"try again." && i.featureFlags.DisableDeletionProtection.EC2Instance {
+			termErr := i.DisableTerminationProtection()
+			if termErr != nil {
+				return termErr
+			}
+			_, err = i.svc.TerminateInstances(params)
+			// If we still get an error, we'll check for type and let the next routine
+			// handle it.
+			if err != nil {
+				awsErr, ok = err.(awserr.Error)
 			}
 		}
+
+		// Check for Stop Protection, disable it, and try termination again.
+		if ok && awsErr.Code() == "OperationNotPermitted" &&
+			awsErr.Message() == "The instance '"+*i.instance.InstanceId+"' may not be "+
+				"terminated. Modify its 'disableApiStop' instance attribute and try "+
+				"again." && i.featureFlags.DisableEC2InstanceStopProtection {
+			stopErr := i.DisableStopProtection()
+			if stopErr != nil {
+				return stopErr
+			}
+			_, err = i.svc.TerminateInstances(params)
+		}
+
+		// If we still have an error at this point, we'll return it.
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (i *EC2Instance) DisableStopProtection() error {
+	params := &ec2.ModifyInstanceAttributeInput{
+		InstanceId: i.instance.InstanceId,
+		DisableApiStop: &ec2.AttributeBooleanValue{
+			Value: aws.Bool(false),
+		},
+	}
+	_, err := i.svc.ModifyInstanceAttribute(params)
+	if err != nil {
 		return err
 	}
 	return nil
 }
 
-func (i *EC2Instance) DisableProtection() error {
+func (i *EC2Instance) DisableTerminationProtection() error {
 	params := &ec2.ModifyInstanceAttributeInput{
 		InstanceId: i.instance.InstanceId,
 		DisableApiTermination: &ec2.AttributeBooleanValue{

resources/ecr-repository.go

@@ -18,7 +18,8 @@ type ECRRepository struct {
 }
 
 func init() {
-	register("ECRRepository", ListECRRepositories)
+	register("ECRRepository", ListECRRepositories,
+		mapCloudControl("AWS::ECR::Repository"))
 }
 
 func ListECRRepositories(sess *session.Session) ([]Resource, error) {

resources/iam-groups.go

@@ -19,22 +19,23 @@ func init() {
 
 func ListIAMGroups(sess *session.Session) ([]Resource, error) {
 	svc := iam.New(sess)
-
-	resp, err := svc.ListGroups(nil)
+	resources := []Resource{}
+
+	err := svc.ListGroupsPages(nil, func(page *iam.ListGroupsOutput, lastPage bool) bool {
+		for _, out := range page.Groups {
+			resources = append(resources, &IAMGroup{
+				svc:  svc,
+				id:   *out.GroupId,
+				name: *out.GroupName,
+				path: *out.Path,
+			})
+		}
+		return true
+	})
 	if err != nil {
 		return nil, err
 	}
 
-	resources := make([]Resource, 0)
-	for _, out := range resp.Groups {
-		resources = append(resources, &IAMGroup{
-			svc:  svc,
-			id:   *out.GroupId,
-			name: *out.GroupName,
-			path: *out.Path,
-		})
-	}
-
 	return resources, nil
 }