Unable to run aws-nuke


Problem description

I am trying to run aws-nuke to delete all the resources.

I am trying to run the command

    aws-nuke -c config/example.yaml --profile demo

config/example.yaml:

    ---
    regions:
    - "global" # This is for all global resource types e.g. IAM
    - "eu-west-1"


    account-blacklist:
    - "999999999999" # production


    # optional: restrict nuking to these resources
    resource-types:
      targets:
      - IAMUser
      - IAMUserPolicyAttachment
      - IAMUserAccessKey
      - S3Bucket
      - S3Object
      - Route53HostedZone
      - EC2Instance
      - CloudFormationStack

    accounts:
      555133742123: # demo
        filters:
          IAMUser:
          - "admin"
          IAMUserPolicyAttachment:
          - property: RoleName
            value: "admin"
          IAMUserAccessKey:
          - property: UserName
            value: "admin"
          S3Bucket:
          - "s3://my-bucket"
          S3Object:
          - type: "glob"
            value: "s3://my-bucket/*"
          Route53HostedZone:
          - property: Name
            type: "glob"
            value: "*.zone.loc."
          CloudFormationStack:
          - property: "tag:team"
            value: "myTeam"

Errors screenshot below. What is this missing?

Solution

Disclaimer: I am an author of aws-nuke.

This is not a configuration problem of your YAML file, but a missing setting in your AWS account.

The IAM Alias is a globally unique name for your AWS Account. aws-nuke requires this as a safety guard, so you do not accidentally destroy your production accounts. The idea is that every production account contains at least the substring prod.

This might sound a bit unnecessary to demand this account, but we are very passionate to not nuke any production account.

You can follow the docs to specify the Alias via the web console, or use the CLI:

    aws iam create-account-alias --profile demo --account-alias my-test-account-8gmst3

I guess we need to improve the error message.
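
A pre-flight check along the lines of the safety guard described in the answer, as an added example (not aws-nuke's own code and not part of the original answer). The function names `verdict` and `preflight` and the verdict strings are made up for illustration; the account IDs and the alias are the sample values from the question and the answer.

```shell
#!/bin/sh
# Pre-flight check to run before aws-nuke (illustrative, not aws-nuke's code).

# verdict ACCOUNT_ID ALIAS [BLACKLISTED_ID...]
# Prints one of: blacklisted, no-alias, alias-contains-prod, ok.
# Returns 0 only for "ok".
verdict() {
  account_id="$1"; alias_name="$2"; shift 2
  # Refuse any account listed under account-blacklist in the config.
  for blocked in "$@"; do
    if [ "$account_id" = "$blocked" ]; then
      echo "blacklisted"; return 1
    fi
  done
  case "$alias_name" in
    # With --output text the AWS CLI prints "None" when no alias is set.
    ""|None) echo "no-alias"; return 1 ;;
    # The answer's convention: production aliases contain "prod".
    *prod*)  echo "alias-contains-prod"; return 1 ;;
  esac
  echo "ok"
}

# preflight PROFILE [BLACKLISTED_ID...]
# Looks up the live account ID and alias, then applies verdict.
preflight() {
  profile="$1"; shift
  account_id=$(aws sts get-caller-identity --profile "$profile" \
    --query Account --output text) || return 2
  alias_name=$(aws iam list-account-aliases --profile "$profile" \
    --query 'AccountAliases[0]' --output text) || return 2
  verdict "$account_id" "$alias_name" "$@"
}

# Example: sh preflight.sh demo 999999999999
if [ "$#" -ge 1 ]; then
  preflight "$@"
fi
```

A `no-alias` verdict corresponds to the situation in the question: the account has no IAM alias yet, which `aws iam create-account-alias` resolves.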
