Incomplete Execution Due to Missing Exception Handling

Open int0x80 opened this issue 5 years ago • 4 comments

Please add exception handling to continue execution when an existing control prevents successful deletion of a resource.

$ ./cloud-nuke aws --log-level debug
INFO[2020-05-04T14:29:33-05:00] The following resources types will be nuked:
INFO[2020-05-04T14:29:33-05:00] - ami
INFO[2020-05-04T14:29:33-05:00] - asg
INFO[2020-05-04T14:29:33-05:00] - ebs
INFO[2020-05-04T14:29:33-05:00] - ec2
INFO[2020-05-04T14:29:33-05:00] - ecsserv
INFO[2020-05-04T14:29:33-05:00] - eip
INFO[2020-05-04T14:29:33-05:00] - ekscluster
INFO[2020-05-04T14:29:33-05:00] - elb
INFO[2020-05-04T14:29:33-05:00] - elbv2
INFO[2020-05-04T14:29:33-05:00] - lc
INFO[2020-05-04T14:29:33-05:00] - rds
INFO[2020-05-04T14:29:33-05:00] - s3
INFO[2020-05-04T14:29:33-05:00] - snap
INFO[2020-05-04T14:29:37-05:00] Retrieving active AWS resources in [eu-north-1, ap-south-1, eu-west-3, eu-west-2, eu-west-1, ap-northeast-2, ap-northeast-1, sa-east-1, ca-central-1, ap-southeast-1, ap-southeast-2, eu-central-1, us-east-1, us-east-2, us-west-1, us-west-2]
INFO[2020-05-04T14:29:37-05:00] Checking region [1/16]: eu-north-1
ERRO[2020-05-04T14:29:37-05:00] *awserr.requestError AccessDenied: User: arn:aws:sts::111122223333:role/admin/cloud-nuke-test is not authorized to perform: autoscaling:DescribeAutoScalingGroups with an explicit deny
	status code: 403, request id: 103e6933-9797-474d-b391-55ebfeb1f88d
/go/src/github.com/gruntwork-io/cloud-nuke/aws/asg.go:18 (0x18138da)
/go/src/github.com/gruntwork-io/cloud-nuke/aws/aws.go:207 (0x1817f83)
/go/src/github.com/gruntwork-io/cloud-nuke/commands/cli.go:204 (0x1831eaa)
/go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/gruntwork-io/gruntwork-cli/errors/errors.go:93 (0x15f9d1b)
/go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/app.go:490 (0x15e89f2)
/go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/command.go:210 (0x15e9d65)
/go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/urfave/cli/app.go:255 (0x15e6b58)
/go/src/github.com/gruntwork-io/cloud-nuke/vendor/github.com/gruntwork-io/gruntwork-cli/entrypoint/entrypoint.go:21 (0x1834167)
/go/src/github.com/gruntwork-io/cloud-nuke/main.go:13 (0x18343f7)
/usr/local/go/src/runtime/proc.go:195 (0x102b756)
	main: // A program compiled with -buildmode=c-archive or c-shared
/usr/local/go/src/runtime/asm_amd64.s:2337 (0x1057911)
	goexit: ???
  error="AccessDenied: User: arn:aws:sts::111122223333:role/admin/cloud-nuke-test is not authorized to perform: autoscaling:DescribeAutoScalingGroups with an explicit deny\n\tstatus code: 403, request id: 103e6933-9797-474d-b391-55ebfeb1f88d"

int0x80 avatar May 04 '20 19:05 int0x80

The gotcha is that it may be safe to ignore and continue, with some errors and use cases, but not all. For example, perhaps in your use case, it's safe to ignore errors around auto scaling groups, but in other use cases, that would mean a lot of auto scaling groups that should be cleaned up are being left behind, and an operator should be notified of this error to understand why.

That said, perhaps this should be controlled via a flag like --ignore-errors. Or even better, --ignore-errors-for-resource autoscaling to ignore just errors related to auto scaling groups. A PR to add something like that is welcome.

brikis98 avatar May 05 '20 08:05 brikis98
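
An added example (not part of the thread, and not cloud-nuke's own code) of the per-resource-type behaviour proposed in the comment above: an error aborts the run unless its resource type was explicitly ignored, and tolerated errors are kept so the operator still sees what was left behind. The `lister` type, `collect`, `sampleListers` and the resource IDs are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// lister stands in for one per-resource-type AWS call (hypothetical type).
type lister func(region string) ([]string, error)

// result keeps tolerated errors next to the findings for the final report.
type result struct {
	Found   map[string][]string
	Skipped map[string]error
}

// collect walks resource types in order. An error aborts the run unless the
// type is in ignore, mirroring the proposed --ignore-errors-for-resource flag.
func collect(region string, order []string, listers map[string]lister, ignore map[string]bool) (result, error) {
	res := result{Found: map[string][]string{}, Skipped: map[string]error{}}
	for _, name := range order {
		ids, err := listers[name](region)
		if err != nil {
			if !ignore[name] {
				return res, fmt.Errorf("%s in %s: %w", name, region, err)
			}
			res.Skipped[name] = err // tolerated, but not silently dropped
			continue
		}
		res.Found[name] = ids
	}
	return res, nil
}

var errDenied = errors.New("AccessDenied: explicit deny") // constructed sample error

// sampleListers is constructed data: asg is denied, as in the log above.
func sampleListers() map[string]lister {
	return map[string]lister{
		"ami": func(string) ([]string, error) { return []string{"ami-example1"}, nil },
		"asg": func(string) ([]string, error) { return nil, errDenied },
		"ebs": func(string) ([]string, error) { return []string{"vol-example1"}, nil },
	}
}

func main() {
	res, err := collect("eu-north-1", []string{"ami", "asg", "ebs"}, sampleListers(), map[string]bool{"asg": true})
	fmt.Println(res.Found, res.Skipped, err)
}
```
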

Thank you for the reply. Agreed that it is not always safe to ignore errors, and I like the approach with the flags for granularity.

int0x80 avatar May 05 '20 15:05 int0x80

Raised https://github.com/gruntwork-io/cloud-nuke/pull/114 to address this - @int0x80 - stay tuned!

saurabh-hirani avatar May 13 '20 13:05 saurabh-hirani

@saurabh-hirani Thanks so much! Your PR looks good; more robust than what I would have cobbled together :)

int0x80 avatar May 13 '20 15:05 int0x80

Changes have been made to continue the nuking operation on other resources even if some nuking operations fail for certain resources. Closing this issue.

james00012 avatar Sep 22 '23 00:09 james00012