Cloud-nuke is a command-line interface tool designed to delete AWS resources in bulk for account cleanup and cost management purposes. The tool provides both destructive and non-destructive functionality, allowing users to either inspect resources or delete them entirely. It supports cleaning up testing accounts, removing redundant resources, and eliminating unnecessary default configurations such as default VPCs and permissive security group rules. The tool can be used as a standalone CLI application or consumed as library methods for scripting purposes. It offers comprehensive support for various AWS services including EC2 instances, Auto Scaling groups, Elastic Load Balancers (v1 and v2), EBS volumes, AMIs, snapshots, Elastic IPs, and launch configurations. Additional supported resources include EC2 IPAM components (IP Address Manager, pools, scopes, custom allocations, BYOASN, and resource discovery), networking components (Internet Gateways, Network ACLs, egress-only internet gateways, endpoints), and security components (security groups and network interfaces). The tool is particularly useful for preventing unexpected charges from leftover resources in testing environments and maintaining clean AWS accounts by removing unused or default resources.
FEATURES
SIMILAR TOOLS
A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.
A tutorial demonstrating how to implement Kubernetes Engine security features to control application privileges through host access controls and network access policies.
A command-line security auditing tool that performs Lynis-based security assessments across AWS, GCP, Azure, and DigitalOcean cloud platforms.
FestIn discovers open S3 buckets associated with a domain using crawling and DNS reconnaissance techniques.
Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.
HAWK is a multi-cloud antivirus scanning API that uses CLAMAV and YARA engines to detect malware in AWS S3, Azure Blob Storage, and GCP Cloud Storage objects.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
A setuid implementation of user namespaces that enables running unprivileged containers without root privileges as a secure alternative to traditional container runtimes.
A search engine for open Amazon S3 buckets and their contents, allowing users to search for files using keywords, filename extensions, and full path.