AWSweeper wipes out all (or parts) of the resources in your AWS account. Resources to be deleted can be filtered by their ID, tags or creation date using regular expressions declared in a yaml file (see config.yml).
AWSweeper can delete many, but not all resources yet. Your help supporting more resources is very much appreciated (please read this issue to see how easy it is). Note that AWSweeper is based on the cloud-agnostic Terraform API for deletion - so it's planned to support deleting Azure and Google Cloud Platform resources soon, too.
Releases for your platform are here.
awsweeper [options] <config.yml>
To see options available run
Resources to be deleted are filtered by a yaml configuration. To learn how, have a look at the following example:
aws_instance: - id: ^foo.* tags: foo: bar bla: blub created: before: 2018-06-14 after: 2018-10-28 12:28:39 +0000 - tags: foo: bar created: before: 2018-06-14 aws_iam_role:
This config would delete all instances which ID matches
^foo.* and which have tags
foo: bar and
and which have been created between
2018-10-28 12:28:39 +0000 UTC and
2018-06-14. Additionally, it would delete instances
foo: bar and which are older than
Furthermore, this config would delete all IAM roles, as there is no list of filters provided for this resource type.
The general syntax of the filter config is as follows:
<resource type>: # filter 1 - id: <regex to filter by id> tags: <key>: <regex to filter value> ... created: before: <timestamp> (optional) after: <timestamp> (optional) # filter 2 - ... <resource type>: ...
A more detailed description of the ways to filter resources:
1) All resources of a particular type
Terraform types are used to identify resources of a particular type
aws_security_group selects all resources that are security groups,
aws_iam_role all roles,
aws_instance all EC2 instances).
In the example above, by simply adding
security_group: (no further filters for IDs or tags),
all security groups in your account would be deleted. Use the all.yml, to delete all (currently supported)
2) By tags
You can narrow down on particular types of resources by the tags they have.
If most of your resources have tags, this is probably the best to filter them for deletion. But be aware: not all resources support tags and can be filtered this way.
In the example above, all EC2 instances are terminated that have a tag with key
foo and value
bar as well as
bla and value
3) By ID
You can narrow down on particular types of resources by filtering on their IDs.
To see what the IDs of your resources are (could be their name, ARN, a random number),
run awsweeper in dry-run mode:
awsweeper --dry-run all.yml. This way, nothing is deleted but
all the IDs and tags of your resources are printed. Then, use this information to create the yaml file.
In the example above, all roles which name starts with
foo are deleted (the ID of roles is their name).
4) By creation date
You can select resources by filtering on the date they have been created.
awsweeper --dry-run <config.yml> to only show what
would be deleted. This way, you can fine-tune your yaml configuration until it works the way you want it to.
AWSweeper can currently delete many but not all of the existing types of AWS resources:
Note that the above list contains terraform types which must be used instead of AWS resource types to identify resources in the yaml configuration. The reason is that AWSweeper is build upon the already existing delete routines provided by the Terraform AWS provider.
WARNING: Running acceptance tests create real resources that might cost you money.
Run all acceptance tests with
make testacc TESTARGS='-run=TestAccVpc*'
to test the working of AWSweeper for a just single resource, such as
This tool is thoroughly tested. However, you are using this tool at your own risk! I will not take any responsibility if you delete any critical resources in your production environments.