Change the order of cloud-nuke to delete IAM policy first before IAM groups #393
This was an issue with inline policies on the IAM group, can you add a test for that?
Can you update the description - todos and release notes section?
Hmm, I tried to look through the API documentation and the existing set of tests in the code base, but it doesn't seem like there's a way to create an IAM group with an inline policy. For instance, if we look at the input struct, it doesn't provide an option to create an inline policy:
Also the CreateGroup request struct:
I can test this manually via the AWS UI and update the description above.
Updated. Let me know if there's anything I missed!
I think you can use https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/iam#Client.PutGroupPolicy
LGTM
Change the order of cloud-nuke to delete IAM policy first before IAM groups
Description
Fixes https://gruntwork.atlassian.net/browse/CORE-330.
Testing
Final confirmation from the cloud-nuke CLI:
Also tested inline group policy deletion by manually creating an inline group policy in the AWS UI:
TODOs
Read the Gruntwork contribution guidelines.
nuke_sandbox and nuke_phxdevops jobs in .circleci/config.yml have been updated with appropriate exclusions (either directly in the job or via the .circleci/nuke_config.yml file) to prevent nuking IAM roles, groups, resources, etc. that are important for the test accounts.
Release Notes (draft)
Added / Removed / Updated [X].
Updated [Updated the iam-group cloud-nuke operation to delete inline group policies]
Migration Guide
No migration needed
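The ordering this PR is about, as an added example that is not cloud-nuke's code: GroupAPI and fakeIAM are hypothetical stand-ins whose method names mirror the IAM actions, and the fake models IAM refusing to delete a group that still has inline policies. In a test against a real account, the inline policy would be created with PutGroupPolicy, as suggested in the review.

```go
package main

import (
	"errors"
	"fmt"
)

// GroupAPI is a hypothetical, simplified subset of IAM group calls (not the SDK's signatures).
type GroupAPI interface {
	ListGroupPolicies(group string) []string
	DeleteGroupPolicy(group, policy string) error
	DeleteGroup(group string) error
}

var ErrDeleteConflict = errors.New("DeleteConflict: must delete policies first") // modelled error

// fakeIAM is a constructed in-memory fake: group name -> set of inline policy names.
type fakeIAM map[string]map[string]bool
func (f fakeIAM) ListGroupPolicies(group string) (names []string) {
	for n := range f[group] {
		names = append(names, n)
	}
	return names
}
func (f fakeIAM) DeleteGroupPolicy(group, policy string) error {
	delete(f[group], policy)
	return nil
}
func (f fakeIAM) DeleteGroup(group string) error {
	if len(f[group]) > 0 {
		return ErrDeleteConflict // inline policies are still present on the group
	}
	delete(f, group)
	return nil
}

// nukeGroup deletes every inline policy first, then the group itself.
func nukeGroup(api GroupAPI, group string) error {
	for _, p := range api.ListGroupPolicies(group) {
		if err := api.DeleteGroupPolicy(group, p); err != nil {
			return fmt.Errorf("delete inline policy %q: %w", p, err)
		}
	}
	return api.DeleteGroup(group)
}

func main() {
	f := fakeIAM{"constructed-group": {"constructed-inline-policy": true}}
	fmt.Println("direct delete:", f.DeleteGroup("constructed-group"))
	fmt.Println("policies first:", nukeGroup(f, "constructed-group"))
}
```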