Cloud Nuke is a command-line tool designed to streamline the cleanup of cloud resources in AWS accounts. It helps users eliminate leftover or redundant resources, preventing unintended charges and enhancing security by removing default configurations that may pose risks.
Key Features:
Comprehensive Resource Cleanup: Supports inspecting and deleting over 100 AWS resource types, including EC2 instances, S3 buckets, RDS clusters, VPCs, and more.
Fine-Grained Configuration: Allows users to specify which resources to delete or exclude using YAML configuration files.
Non-Destructive Inspection Mode: Enables users to review resources before deletion, reducing the risk of accidental data loss.
Automated Cleanup Workflows: Simplifies the process of cleaning up test environments or decommissioned accounts by providing a single-command solution.
Audience & Benefit:
Ideal for developers, DevOps engineers, and cloud administrators who need to maintain cost efficiency and security by eliminating unused or redundant resources. It is particularly useful for teams managing multiple AWS accounts or those transitioning away from legacy infrastructure.
Cloud Nuke can be installed via winget, making it easy to integrate into existing workflows.
README
cloud-nuke
A CLI tool to delete all resources in your cloud account. Designed for cleaning up test accounts, removing leftover resources, and eliminating unnecessary defaults like default VPCs and permissive security group rules.
BEWARE!
When executed as cloud-nuke aws, this tool is HIGHLY DESTRUCTIVE and deletes all resources! This mode should never be used in a production environment!
When executed as cloud-nuke defaults-aws, this tool deletes all DEFAULT VPCs and the default ingress/egress rule for all default security groups. This should be used in production environments WITH CAUTION.
Install
Download from releases page
Download the latest binary for your OS on the releases page.
Move the binary to a folder on your PATH. E.g.: mv cloud-nuke_darwin_amd64 /usr/local/bin/cloud-nuke.
Add execute permissions to the binary. E.g.: chmod u+x /usr/local/bin/cloud-nuke.
Test it installed correctly: cloud-nuke --help.
Install via package manager
Note that package managers are third party and may not always have the latest version. Check your version against the releases page.
# Delete all resources (with confirmation prompt)
cloud-nuke aws
# Inspect resources without deleting
cloud-nuke inspect-aws
# Delete resources in specific regions only
cloud-nuke aws --region us-east-1 --region us-west-2
# Delete only specific resource types
cloud-nuke aws --resource-type ec2 --resource-type s3
# Preview what would be deleted
cloud-nuke aws --dry-run
# Delete default VPCs and security group rules
cloud-nuke defaults-aws
# Use a config file for granular filtering
cloud-nuke aws --config path/to/config.yaml
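One way to enforce the production warning above, as an added example that is not part of cloud-nuke itself: a wrapper that refuses to run unless the active credentials resolve to an allowlisted sandbox account, then previews with --dry-run before the real run. The account IDs, the ALLOWED_ACCOUNTS variable and the function names are assumptions made for illustration, and the script assumes the AWS CLI is installed.

```shell
#!/bin/sh
# Added example: guard wrapper around cloud-nuke (not project code).
# The account IDs below are constructed placeholders, not real accounts.

# Space-separated allowlist of sandbox account IDs (hypothetical values).
ALLOWED_ACCOUNTS="${ALLOWED_ACCOUNTS:-111111111111 222222222222}"

# Return 0 only if $1 is a 12-digit account ID present in the allowlist.
is_allowed_account() {
  local id="$1" allowed
  case "$id" in
    ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: fail closed
  esac
  if [ "${#id}" -ne 12 ]; then return 1; fi
  for allowed in $ALLOWED_ACCOUNTS; do
    if [ "$id" = "$allowed" ]; then return 0; fi
  done
  return 1
}

# Resolve the account behind the active credentials, then preview and delete.
guarded_nuke() {
  local config="$1" account
  # Ask AWS which account the current credentials belong to.
  account="$(aws sts get-caller-identity --query Account --output text)" || return 1
  if ! is_allowed_account "$account"; then
    echo "refusing: account '$account' is not in the sandbox allowlist" >&2
    return 2
  fi
  # Preview first; stop if the preview itself fails.
  cloud-nuke aws --dry-run --config "$config" || return 1
  # The real run still shows cloud-nuke's own confirmation prompt.
  cloud-nuke aws --config "$config"
}

# Run only when invoked as: ./guarded-nuke.sh run path/to/config.yaml
if [ "${1:-}" = "run" ]; then
  guarded_nuke "${2:?config path required}"
fi
```

The check fails closed: an empty, malformed or unlisted account ID stops the script before cloud-nuke is invoked.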
As of v0.29.0, cloud-nuke sends telemetry to Gruntwork (command name, version, and AWS account ID). IP addresses and resource names are never collected. Disable with DISABLE_TELEMETRY=1.