DEV Community

Cover image for A Beginner’s Guide to Using Cloud-Nuke: Using Cloud-Nuke for Safe and Controlled Cleanup
Onifade Julius
Onifade Julius

Posted on • Updated on

A Beginner’s Guide to Using Cloud-Nuke: Using Cloud-Nuke for Safe and Controlled Cleanup

AWS cloud services is exciting to use until your bill starts pilling up because you did not stop one service from running. This was my reality a few days ago. The reason why we use cloud providers is to help us reduce cost and also make use of services effectively, but this might not be the case if not properly managed.

In this article, I’ll will be talking about a powerful tool for cleaning up your AWS account quickly and efficiently. This tool is a fast way of doing things instead of manually managing resources or doing it through Terraform, this tool is a great alternative that can be easily run from your console.

Introducing Cloud-Nuke

Cloud-Nuke is an open-source tool available on GitHub. It’s designed to delete all AWS resources within an account or clean up the account, saving you from manual clean-up tasks.

1. How to Install Gruntwork’s Cloud-Nuke

macOS or Linux

For macOS or Linux users, installation is straightforward. Simply run:

brew install cloud-nuke
Enter fullscreen mode Exit fullscreen mode

Windows

For Windows users, you can install it via Winget with the command:

winget install cloud-nuke
Enter fullscreen mode Exit fullscreen mode

Image description

If installing via Winget doesn’t work, you can manually download and install the Cloud-Nuke via GitHub:

  1. Visit the Cloud-Nuke GitHub releases page.
  2. Download the latest release for Windows (usually a .zip file).
  3. Extract the .zip file to a directory of your choice.
  4. Add the directory containing cloud-nuke.exe to your PATH:
    • Open the Start Menu, search for "Environment Variables," and select "Edit the system environment variables."
    • In the System Properties window, click on "Environment Variables."
    • In the "System variables" section, find and select the Path variable, then click "Edit."
    • Click "New" and paste the path to the directory where cloud-nuke.exe is located.
    • Click "OK" to close all windows.

To verify the installation, run the command:

cloud-nuke
Enter fullscreen mode Exit fullscreen mode

Image description

2. Setting Up AWS Credentials

Before using Cloud-Nuke, you need to export your AWS access key, secret key, and region as environment variables. Use the following commands:

export AWS_ACCESS_KEY="<PLACE_YOUR_AWS_ACCESS_KEY>"
export AWS_SECRET_KEY="<PLACE_YOUR_AWS_SECRET_KEY>"
export AWS_REGION="<PLACE_YOUR_AWS_REGION_NAME>"
Enter fullscreen mode Exit fullscreen mode

Image description

You can find these details by navigating to your AWS console:

  • On the top right corner under your username, click on My Security Credentials.
  • Navigate to Access keys (access key ID and secret access key).

Image description

  • Ensure the key status is ACTIVE.

3. Deleting All AWS Resources with Cloud-Nuke

Warning: Running Cloud-Nuke will delete all the resources in your AWS account, so proceed with caution as there’s no going back!

To delete all AWS resources, simply run:

cloud-nuke aws
Enter fullscreen mode Exit fullscreen mode

Image description

This command will display the types and quantities of resources that are about to be deleted. It will then ask for confirmation before proceeding. To confirm, type nuke and hit enter.

4. Deleting Resources in a Specific AWS Region

If you want to delete resources in a specific region, you can specify the region using the --region flag:

cloud-nuke aws --region us-east-1
Enter fullscreen mode Exit fullscreen mode

Image description

This will only affect resources in the us-east-1 region.

5. Listing Supported Resource Types

Cloud-Nuke doesn’t support all AWS resources. To list the supported resource types, run:

cloud-nuke aws --list-resource-types
Enter fullscreen mode Exit fullscreen mode

Image description

6. Excluding Resources from Deletion

To exclude specific resources from being deleted, use the --exclude-resource-type flag:

cloud-nuke aws --exclude-resource-type s3 --exclude-resource-type ec2
Enter fullscreen mode Exit fullscreen mode

7. Excluding Resources by Age

If you only want to delete resources that were created before a certain period, use the --older-than flag:

cloud-nuke aws --older-than 24h
Enter fullscreen mode Exit fullscreen mode

8. Targeting Specific Resource Types

To target specific resource types, use the --resource-type flag:

cloud-nuke aws --resource-type ec2 --resource-type ami
Enter fullscreen mode Exit fullscreen mode

This will focus the deletion process only on ec2 and ami resources. You can also use this flag to speed up the search process.

To inspect specific resource types without deleting them, run:

cloud-nuke inspect-aws --resource-type ec2
Enter fullscreen mode Exit fullscreen mode

9. Protecting Resources with the cloud-nuke-after Tag

To protect resources from accidental or premature deletion, you can tag them with cloud-nuke-after and specify a future date in the format 2024-07-09T00:00:00Z. This ensures that the resources remain intact until their designated expiration date.


By using Cloud-Nuke, you don’t only take control of your AWS resources you also prevent yourself from unexpected bills. NOTE, always use this tool with caution, especially in production environments, as it can have significant consequences on your infrastructure. Way to Cloud!

Top comments (0)