Implement support for GuardDuty Detectors #320
@@ -217,7 +217,7 @@ func GetAllResources(targetRegions []string, excludeAfter time.Time, resourceTyp | |||
|
|||
count := 1 | |||
totalRegions := len(targetRegions) | |||
var resourcesCache = map[string]map[string][]*string{} |
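Review bot: the `resourcesCache` declaration in `GetAllResources` is a formatter-driven change unrelated to GuardDuty, and mixing it into the feature diff makes the functional changes harder to isolate. Consider landing the gofumpt reformat as its own commit so that the detector-specific changes can be reviewed and reverted independently.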
Switched to https://github.com/mvdan/gofumpt for auto-formatting, so that's why some of these vars and extra lines are getting cleaned up.
@@ -3,7 +3,7 @@ module github.com/gruntwork-io/cloud-nuke | |||
go 1.16 | |||
|
|||
require ( | |||
github.com/aws/aws-sdk-go v1.42.4 | |||
github.com/aws/aws-sdk-go v1.44.46 |
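Review bot: the `github.com/aws/aws-sdk-go` bump from v1.42.4 to v1.44.46 in the `require` block changes the SDK for every resource type the tool handles, not only GuardDuty. State the reason for the upgrade in the commit message and confirm the existing resource tests pass against the new version before merging, since the tool performs destructive calls through this SDK.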
Without this upgrade, some of the latest GuardDuty methods are not available.
Current test failures are unrelated to these changes: https://app.circleci.com/pipelines/github/gruntwork-io/cloud-nuke/7707/workflows/9ac32cd5-a46b-4f34-8ce4-3bbe2d756e1f/jobs/28629
Mostly LGTM! Had one nit about performance.
for _, detectorId := range detectorIds { | ||
params := &guardduty.DeleteDetectorInput{ | ||
DetectorId: aws.String(detectorId), | ||
} | ||
|
||
_, err := svc.DeleteDetector(params) | ||
|
||
if err != nil { | ||
logging.Logger.Errorf("[Failed] %s: %s", detectorId, err) | ||
} else { | ||
deletedIds = append(deletedIds, detectorId) | ||
logging.Logger.Infof("Deleted GuardDuty detector: %s", detectorId) | ||
} | ||
} |
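Review bot: in the `if err != nil` branch a failed `svc.DeleteDetector(params)` call is only logged with `logging.Logger.Errorf`, so unless the errors are aggregated below this loop the caller cannot tell that some detectors were left in place. Collect the per-detector errors and return them after the loop, so a run that could not remove every detector does not report success.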
This is probably ok since AFAIK there can only be a limited number of detectors per region, but recommend using the same pattern as NAT Gateway (https://github.com/gruntwork-io/cloud-nuke/blob/master/aws/nat_gateway.go#L63) to implement concurrent deletion of the detectors.
Thanks, also saw this pattern in the cloudwatch_loggroup that you added! I'll file a ticket to do this in a follow-up PR.
Filed #324 to track.
Thanks for reviews! Going to merge this in now.
Description
Implement support for inspecting and destroying GuardDuty Detectors.
Closes #321
Closes #175
TODOs
Read the Gruntwork contribution guidelines.
Release Notes (draft)
Added support for inspecting and nuking GuardDuty detectors
Migration Guide