package resources
import (
"context"
"fmt"
"time"
awsgo "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
"github.com/gruntwork-io/cloud-nuke/config"
"github.com/gruntwork-io/cloud-nuke/logging"
r "github.com/gruntwork-io/cloud-nuke/report" // Alias the package as 'r'
"github.com/gruntwork-io/cloud-nuke/util"
"github.com/gruntwork-io/go-commons/errors"
)
// shouldIncludeGateway reports whether the internet gateway passes the
// InternetGateway filter rules in configObj. The filter is evaluated against
// the gateway's Name tag (empty when the tag is absent), its full tag map and
// the time the gateway was first seen.
func shouldIncludeGateway(ig *ec2.InternetGateway, firstSeenTime *time.Time, configObj config.Config) bool {
	tags := util.ConvertEC2TagsToMap(ig.Tags)
	// A missing Name tag yields an empty name; the filter is still applied.
	gatewayName := tags["Name"]
	return configObj.InternetGateway.ShouldInclude(config.ResourceValue{
		Name: &gatewayName,
		Tags: tags,
		Time: firstSeenTime,
	})
}
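// getAll lists the internet gateways of the region, remembers the VPC each
// included gateway is attached to (needed later for the detach step) and
// returns the identifiers that pass the configured filters.
//
// Every page of DescribeInternetGateways is walked, so gateways beyond the
// first page are not silently left behind, and the caller's context is
// propagated to the API call so cancellation is honoured.
//
// Returns the identifiers to nuke, or an error when listing the gateways or
// looking up their first-seen time fails.
func (igw *InternetGateway) getAll(c context.Context, configObj config.Config) ([]*string, error) {
	var identifiers []*string
	var firstSeenErr error

	input := &ec2.DescribeInternetGatewaysInput{}
	err := igw.Client.DescribeInternetGatewaysPagesWithContext(c, input,
		func(page *ec2.DescribeInternetGatewaysOutput, lastPage bool) bool {
			for _, ig := range page.InternetGateways {
				firstSeenTime, err := util.GetOrCreateFirstSeen(c, igw.Client, ig.InternetGatewayId, util.ConvertEC2TagsToMap(ig.Tags))
				if err != nil {
					logging.Error("Unable to retrieve tags")
					firstSeenErr = errors.WithStackTrace(err)
					// Stop paging; the error is surfaced after the call returns.
					return false
				}
				if !shouldIncludeGateway(ig, firstSeenTime, configObj) {
					continue
				}
				identifiers = append(identifiers, ig.InternetGatewayId)
				// Record the attached VPC: detaching the gateway requires it at nuke time.
				if len(ig.Attachments) > 0 {
					igw.GatewayVPCMap[awsgo.StringValue(ig.InternetGatewayId)] = awsgo.StringValue(ig.Attachments[0].VpcId)
				}
			}
			return true
		})
	if err != nil {
		logging.Debugf("[Internet Gateway] Failed to list internet gateways: %s", err)
		return nil, err
	}
	if firstSeenErr != nil {
		return nil, firstSeenErr
	}

	// Check and verify the list of allowed nuke actions with a dry run, so a
	// gateway the caller is not permitted to delete is flagged before any
	// destructive call is made.
	igw.VerifyNukablePermissions(identifiers, func(id *string) error {
		params := &ec2.DeleteInternetGatewayInput{
			InternetGatewayId: id,
			DryRun:            awsgo.Bool(true),
		}
		_, err := igw.Client.DeleteInternetGateway(params)
		return err
	})

	return identifiers, nil
}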
// nukeAll deletes every internet gateway in identifiers that passes the
// IsNukable check and records the outcome of each attempt in the report.
// A failed deletion is recorded but does not abort the remaining ones, so the
// function always returns nil; per-resource errors live in the report.
func (igw *InternetGateway) nukeAll(identifiers []*string) error {
	if len(identifiers) == 0 {
		logging.Debugf("No internet gateway identifiers to nuke in region %s", igw.Region)
		return nil
	}
	logging.Debugf("Deleting all internet gateways in region %s", igw.Region)

	deleted := 0
	for _, id := range identifiers {
		nukable, reason := igw.IsNukable(*id)
		if !nukable {
			logging.Debugf("[Skipping] %s nuke because %v", *id, reason)
			continue
		}

		nukeErr := igw.nuke(id)
		// Every attempt is reported, whether or not it succeeded.
		r.Record(r.Entry{
			Identifier:   awsgo.StringValue(id),
			ResourceType: "Internet Gateway",
			Error:        nukeErr,
		})
		if nukeErr == nil {
			deleted++
		}
	}

	logging.Debugf("[OK] %d internet gateway(s) deleted in %s", deleted, igw.Region)
	return nil
}
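// nuke deletes the internet gateway with the given id, detaching it from its
// VPC first when getAll recorded an attachment for it in GatewayVPCMap.
//
// getAll only records a VPC for gateways that have an attachment, so a gateway
// missing from the map is expected to be detached already; refusing it (as the
// previous version did) meant unattached gateways that matched the filters
// were never deleted. Such gateways are now deleted directly; an attached
// gateway that somehow lacks a map entry is expected to be rejected by the
// API rather than deleted, and that error is returned to the caller.
//
// Returns nil on success, otherwise the API error wrapped with a stack trace.
func (igw *InternetGateway) nuke(id *string) error {
	gatewayID := awsgo.StringValue(id)

	vpcID, attached := igw.GatewayVPCMap[gatewayID]
	if !attached {
		logging.Debugf("No VPC recorded for internet gateway %s; deleting without detaching", gatewayID)
		_, err := igw.Client.DeleteInternetGateway(&ec2.DeleteInternetGatewayInput{
			InternetGatewayId: id,
		})
		if err != nil {
			return errors.WithStackTrace(err)
		}
		return nil
	}

	if err := nukeInternetGateway(igw.Client, id, vpcID); err != nil {
		return errors.WithStackTrace(err)
	}
	return nil
}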
// nukeInternetGateway detaches the internet gateway from vpcID and then
// deletes it. Each step is logged at debug level; the first API error aborts
// the sequence and is returned wrapped with a stack trace, so a gateway whose
// detach failed is never passed to DeleteInternetGateway.
func nukeInternetGateway(client ec2iface.EC2API, gatewayId *string, vpcID string) error {
	name := awsgo.StringValue(gatewayId)

	logging.Debug(fmt.Sprintf("Detaching Internet Gateway %s", name))
	detachInput := &ec2.DetachInternetGatewayInput{
		InternetGatewayId: gatewayId,
		VpcId:             awsgo.String(vpcID),
	}
	if _, err := client.DetachInternetGateway(detachInput); err != nil {
		logging.Debug(fmt.Sprintf("Failed to detach internet gateway %s", name))
		return errors.WithStackTrace(err)
	}
	logging.Debug(fmt.Sprintf("Successfully detached internet gateway %s", name))

	logging.Debug(fmt.Sprintf("Deleting internet gateway %s", name))
	deleteInput := &ec2.DeleteInternetGatewayInput{
		InternetGatewayId: gatewayId,
	}
	if _, err := client.DeleteInternetGateway(deleteInput); err != nil {
		logging.Debug(fmt.Sprintf("Failed to delete internet gateway %s", name))
		return errors.WithStackTrace(err)
	}
	logging.Debug(fmt.Sprintf("Successfully deleted internet gateway %s", name))
	return nil
}