Implement support for GuardDuty Detectors #320
Conversation
zackproser
requested review from
marinalimeira,
infraredgirl,
robmorgan and
ina-stoyanova
as code owners
zackproser
force-pushed
the
feature/guardduty
branch
2 times, most recently
from
ec9436b
to
1fcf792
Compare
zackproser
changed the title
zackproser
force-pushed
the
feature/guardduty
branch
2 times, most recently
from
23ae18f
to
503e893
Compare
zackproser
force-pushed
the
feature/guardduty
branch
from
503e893
to
219b80e
Compare
zackproser
requested review from
yorinasub17,
rhoboat and
denis256
as code owners
| @@ -217,7 +217,7 @@ func GetAllResources(targetRegions []string, excludeAfter time.Time, resourceTyp | |||
|
|
|||
| count := 1 | |||
| totalRegions := len(targetRegions) | |||
| var resourcesCache = map[string]map[string][]*string{} | |||
There was a problem hiding this comment.
Switched to https://github.com/mvdan/gofumpt for auto-formatting, so that's why some of these vars and extra lines are getting cleaned up.
| @@ -3,7 +3,7 @@ module github.com/gruntwork-io/cloud-nuke | |||
| go 1.16 | |||
|
|
|||
| require ( | |||
| github.com/aws/aws-sdk-go v1.42.4 | |||
| github.com/aws/aws-sdk-go v1.44.46 | |||
There was a problem hiding this comment.
Without this upgrade, some of the latest GuardDuty methods are not available.
|
Current test failures are unrelated to these changes: https://app.circleci.com/pipelines/github/gruntwork-io/cloud-nuke/7707/workflows/9ac32cd5-a46b-4f34-8ce4-3bbe2d756e1f/jobs/28629 |
| for _, detectorId := range detectorIds { | ||
| params := &guardduty.DeleteDetectorInput{ | ||
| DetectorId: aws.String(detectorId), | ||
| } | ||
|
|
||
| _, err := svc.DeleteDetector(params) | ||
|
|
||
| if err != nil { | ||
| logging.Logger.Errorf("[Failed] %s: %s", detectorId, err) | ||
| } else { | ||
| deletedIds = append(deletedIds, detectorId) | ||
| logging.Logger.Infof("Deleted GuardDuty detector: %s", detectorId) | ||
| } | ||
| } |
There was a problem hiding this comment.
This is probably ok since AFAIK there can only be a limited number of detectors per region, but recommend using the same pattern as NAT Gateway (https://github.com/gruntwork-io/cloud-nuke/blob/master/aws/nat_gateway.go#L63) to implement concurrent deletion of the detectors.
There was a problem hiding this comment.
Thanks, also saw this pattern in the cloudwatch_loggroup that you added! I'll file a ticket to do this in a follow-up PR.
There was a problem hiding this comment.
Filed #324 to track.
|
Thanks for reviews! Going to merge this in now. |
Description
Implement support for inspecting and destroying GuardDuty Detectors.
Closes #321
Closes #175
TODOs
Read the Gruntwork contribution guidelines.
Release Notes (draft)
Added support for inspecting and nuking GuardDuty detectors
Migration Guide