The default-vpc and all linked resources (subnets, IGW, etc.) are removed #555
Comments
+1 as just got caught out by this myself - this is particularly unfortunate since the documentation suggests it won't happen: Line 153 in 928f315
I'll start by raising a documentation PR to fix that, but I don't think that closes the issue as raised - I suspect it's one for the maintainers to decide whether it's worth adding/maintaining this as a new feature. If it is accepted, I may be free to contribute some work on it.
Scratch that, this seems to be a bug: aws-nuke/resources/ec2-network-acls.go Lines 41 to 47 in 592a342
Thank you for finding this.
I assume there is no good way of avoiding removal of the default VPC then. Is anyone sitting on a good way to filter out the default VPC and related resources without specifying specific IDs etc.?
Hello. Sorry for the late response. I do not yet understand the use case here. You want to preserve all linked resources of the default VPC? Even custom created ones? Additionally the
So we have to question whether this property makes sense for aws-nuke at all.
Actually I just would prefer to preserve the default networking structure as it was set up when the account was created; right now I'm looking at capturing it specifically every time for every account before I start provisioning. The reason is mainly to save time on the actions on VPCs as they are relatively slow. I have very high account turnover in my use case :)
Sorry, I did a bit of a drive-by on this one as I wasn't quite sure whether it qualified as a bug or was a documentation problem. This is helpful discussion above, thanks. For background, I came across this because I had an issue with a third-party test suite which expected my default VPC to exist. There's a strong argument to be made that tests should avoid assuming things about my AWS account - but I mention it because it did highlight that people expect the default VPC, subnets and so on to be present. I wouldn't expect resources that I created to be reserved, but AWS default resources are at least more of a grey area. So, based on the discussion above: I think it's correct behaviour that by default After a quick look around, it looks like there are already options to filter the default VPC and subnets (though I've not tested them): So I would suggest that the fix here is to:
Does that make sense? Happy to add this if so. Alternatively, if we think there's value in adding a
Hello and thanks very much for the comments. Which are going to be deleted even after we put the configuration:
If those resources (EC2InternetGatewayAttachment, EC2RouteTable, EC2DHCPOption, EC2InternetGateway) get deleted - this is as good as deleting the whole VPC. I would love to have an option to preserve the default VPC (EC2VPC resource with all of the related resources: EC2Subnet, EC2InternetGatewayAttachment, EC2RouteTable, EC2DHCPOption, EC2InternetGateway). Thank you!
Hello! The default VPC should not really be used for anything serious, especially in infrastructure as code scenarios. It is just there to make life a bit simpler, especially when you use the web UI, but in cases where you use Terraform and/or CloudFormation, it's recommended to set up everything, including the VPC. That being said, we will most likely consider/accept any pull request which adds a filter property "IsDefaultVPC" (or something similar) to all the dependent resources.
@bjoernhaeuser That sounds like something I could do. Any hints where to start?
Last comment over a year ago, went unanswered, any updates on this? (I too ran into the unfortunate scenario where the default VPC was destroyed.) I gathered from the docs that it would be safe from nuke
Another year and... It looks like we're close now? I'm doing this on a personal account to stop those AWS bills -- apparently I wasn't 100% consistent when experimenting with AWS and Terraform and some resources got orphaned. Since it's a personal account I'd like to retain the default VPCs for maximum compatibility with tutorials etc. I was looking at the nuke plan and noticed that all the default VPC resources @danielrankov-mm mentioned can now be targeted. 🎉 What about
I'm planning on putting together some example configurations in the new documentation on the now actively managed fork of aws-nuke. I'll make sure to include this there. Please see the copy of the notice from the README about the deprecation of this project. Sven was kind enough to grant me access to help triage and close issues and pull requests that have already been addressed in the actively maintained fork. Some additional information is located in the welcome issue for more information.

Caution: This repository for aws-nuke is no longer being actively maintained. We recommend users to switch to the actively maintained fork of this project at ekristen/aws-nuke.
Maybe an option to avoid that, what do you think?