
DEVOPSZONES


    Unnecessary cloud expenses are a problem? Here is a solution to tackle it.

    Cloud-Nuke: Cleaning Up Your Cloud Infrastructure Hassle-Free

    Introduction

    In today's digital landscape, cloud computing has become an essential part of businesses of all sizes. It offers unparalleled scalability, flexibility, and cost-efficiency. However, managing cloud resources efficiently can be challenging, especially when it comes to controlling costs and avoiding unnecessary expenses. That's where Cloud-Nuke comes to the rescue. In this blog post, we will explore the concept of Cloud-Nuke, its benefits, and how it can help you effectively manage and optimize your cloud infrastructure.

    Cloud Nuke


    What is Cloud-Nuke?


    Cloud-Nuke is an open-source command-line tool designed to clean up and manage your cloud infrastructure. It provides a simple and effective way to identify and delete unused or idle cloud resources, preventing unnecessary costs and improving overall efficiency. Cloud-Nuke works with popular cloud providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.


    Benefits of Cloud-Nuke


    1. Cost Optimization: Cloud-Nuke helps you optimize your cloud spending by identifying and deleting idle or unutilized resources. By removing these unnecessary resources, you can significantly reduce your cloud expenses.


    2. Improved Security: Unused cloud resources can become potential security vulnerabilities. With Cloud-Nuke, you can ensure that only necessary and actively used resources are present, minimizing the attack surface and improving your overall security posture.


    3. Simplified Resource Management: Managing cloud resources can quickly become overwhelming, especially as your infrastructure grows. Cloud-Nuke simplifies resource management by automating the process of identifying and deleting unused resources, saving you time and effort.


    4. Enhanced Performance: Unused resources can consume valuable computing power and affect the performance of your cloud infrastructure. By eliminating these resources, Cloud-Nuke helps improve the overall performance and responsiveness of your applications.

    What Resources are supported by Cloud-nuke?

    Cloud-nuke supports 🔎 inspecting and 🔥💀 deleting the following AWS resources:

    Resource Family         Resource type
    ---------------         -------------
    EC2                     Auto scaling groups
    EC2                     Elastic Load Balancers (v1 and v2)
    EC2                     EBS Volumes
    EC2                     Unprotected EC2 instances
    EC2                     AMIs
    EC2                     Snapshots
    EC2                     Elastic IPs
    EC2                     Launch Configurations
    Certificate Manager     ACM Private CA
    Direct Connect          Transit Gateways
    Elasticache             Clusters
    Elasticache             Parameter Groups
    Elasticache             Subnet Groups
    ECS                     Services
    ECS                     Clusters
    EKS                     Clusters
    RDS                     RDS databases
    RDS                     Neptune
    RDS                     Document DB instances
    DynamoDB                Tables
    Lambda                  Functions
    SQS                     Queues
    S3                      Buckets
    VPC                     Default VPCs
    VPC                     Default rules in the un-deletable default security group
    VPC                     NAT Gateways
    IAM                     Users
    IAM                     Roles (and any associated EC2 instance profiles)
    IAM                     Service-linked-roles
    IAM                     Groups
    IAM                     Policies
    IAM                     Customer-managed policies
    IAM                     Access analyzers
    IAM                     OpenID Connect providers
    Secrets Manager         Secrets
    CloudWatch              Dashboard
    CloudWatch              Log groups
    CloudWatch              Alarms
    OpenSearch              Domains
    KMS                     Customer managed keys (and associated key aliases)
    GuardDuty               Detectors
    Macie                   Member accounts
    SageMaker               Notebook instances
    Kinesis                 Streams
    API Gateway             Gateways (v1 and v2)
    EFS                     File systems
    SNS                     Topics
    CloudTrail              Trails
    ECR                     Repositories
    Config                  Service recorders
    Config                  Service rules
    Security Hub            Hubs
    Security Hub            Members
    Security Hub            Administrators

    BEWARE!

    When executed as cloud-nuke aws, this tool is HIGHLY DESTRUCTIVE and deletes all resources! This mode should never be used in a production environment!

    When executed as cloud-nuke defaults-aws, this tool deletes all DEFAULT VPCs and the default ingress/egress rule for all default security groups. This should be used in production environments WITH CAUTION.


    How does Cloud-Nuke work?


    Cloud-Nuke follows a straightforward workflow:


    1. Resource Identification: Cloud-Nuke scans your cloud infrastructure and identifies resources that have been idle or unused for a specified period. It supports a wide range of cloud resources, including virtual machines, storage buckets, databases, load balancers, and more.


    2. Dry Run: Before actually deleting the identified resources, Cloud-Nuke allows you to perform a dry run to preview the potential deletions. This step ensures that you have full visibility into the resources that will be affected.


    3. Resource Deletion: Once you are satisfied with the dry run results, Cloud-Nuke proceeds to delete the specified resources. It performs the deletions using the appropriate APIs or command-line tools provided by the respective cloud provider.


    4. Confirmation: After the deletion process, Cloud-Nuke provides a summary of the actions taken, including the number and type of resources deleted. This confirmation allows you to review the changes and verify that the desired resources have been removed.


    Getting Started with Cloud-Nuke


    To start using Cloud-Nuke, you need to follow these steps:


    1. Installation: Cloud-Nuke can be installed via package managers like Homebrew or by downloading the binary directly from the GitHub repository.

    Download from releases page

    1. Download the latest binary for your OS on the releases page.
    2. Move the binary to a folder on your PATH. E.g.: mv cloud-nuke_darwin_amd64 /usr/local/bin/cloud-nuke.
    3. Add execute permissions to the binary. E.g.: chmod u+x /usr/local/bin/cloud-nuke.
    4. Test it installed correctly: cloud-nuke --help.
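The four download steps above, as an added shell example that is not code from the blog post or from the cloud-nuke project. It assumes you have already downloaded a release binary to a local path, and it optionally takes a SHA-256 digest you obtained from the releases page or another trusted channel; the page itself gives no digest, so that parameter and the function names install_cloud_nuke, check_install and sha256_of are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of the blog post or of cloud-nuke itself.
# Installs a downloaded cloud-nuke binary the way the steps above describe,
# with two extra checks: an optional SHA-256 comparison against a digest you
# obtained out-of-band (assumption: you have one; the page gives none) and a
# confirmation that the installed file is executable and is what PATH resolves.

# Print the SHA-256 of a file using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# install_cloud_nuke SRC DEST_DIR [EXPECTED_SHA256]
# Copies SRC to DEST_DIR/cloud-nuke and sets the owner execute bit. When a
# digest is given and does not match, nothing is installed. Prints the
# installed path on success.
install_cloud_nuke() {
  local src="$1" dest_dir="$2" expected="${3:-}" dest actual
  dest="$dest_dir/cloud-nuke"
  [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
  if [ -n "$expected" ]; then
    actual=$(sha256_of "$src")
    if [ "$actual" != "$expected" ]; then
      echo "checksum mismatch for $src: got $actual, expected $expected" >&2
      return 1
    fi
  fi
  mkdir -p "$dest_dir"
  cp "$src" "$dest"      # the page uses mv; cp keeps the download for re-verification
  chmod u+x "$dest"      # step 3 above
  [ -x "$dest" ] || { echo "$dest is not executable" >&2; return 1; }
  echo "$dest"
}

# check_install DEST_DIR
# Confirms that PATH resolves "cloud-nuke" to the copy just installed (not to
# some older binary earlier on PATH), then runs the page's smoke test.
check_install() {
  local dest_dir="$1" resolved
  resolved=$(PATH="$dest_dir:$PATH" command -v cloud-nuke) || return 1
  if [ "$resolved" != "$dest_dir/cloud-nuke" ]; then
    echo "PATH resolves to $resolved, not $dest_dir/cloud-nuke" >&2
    return 1
  fi
  "$resolved" --help >/dev/null   # step 4 above
}

# Example usage (constructed paths):
#   install_cloud_nuke ~/Downloads/cloud-nuke_darwin_amd64 /usr/local/bin "<sha256 from the release page>"
#   check_install /usr/local/bin
```

If you have no digest, call install_cloud_nuke with two arguments; the checksum step is then skipped and only the executable-bit and PATH checks run.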

    Install via package manager

    Note that package managers are third party. The third party cloud-nuke packages may not be updated with the latest version, but are often close. Please check your version against the latest available on the releases page. If you want the latest version, the recommended installation option is to download from the releases page.

    • macOS: You can install cloud-nuke using Homebrew: brew install cloud-nuke.

    • Linux: Most Linux users can use Homebrew: brew install cloud-nuke.

    2. Configuration: You need to provide Cloud-Nuke with the necessary access credentials for your cloud provider. This typically involves generating API keys or setting up environment variables.

    Nuke or inspect resources using AWS Profile

    When using cloud-nuke aws or cloud-nuke inspect-aws, you can pass in the AWS_PROFILE env variable to target resources in certain regions for a specific AWS account. For example, the following command will nuke resources only in the ap-south-1 and ap-south-2 regions of the gruntwork-dev AWS account:

    AWS_PROFILE=gruntwork-dev cloud-nuke aws --region ap-south-1 --region ap-south-2

    Similarly, the following command will inspect resources only in us-east-1:

    AWS_PROFILE=gruntwork-dev cloud-nuke inspect-aws --region us-east-1

    3. Resource Exclusion: Cloud-Nuke allows you to exclude specific resources or resource types from the deletion process. This is useful for ensuring that critical resources are not accidentally removed.

    Exclude resources in certain regions

    When using cloud-nuke aws or cloud-nuke inspect-aws, you can use the --exclude-region flag to exclude resources in certain regions from being deleted or inspected. For example, the following command does not nuke resources in the ap-south-1 and ap-south-2 regions:

    cloud-nuke aws --exclude-region ap-south-1 --exclude-region ap-south-2

    Similarly, the following command will not inspect resources in the us-west-1 region:

    cloud-nuke inspect-aws --exclude-region us-west-1

    The --region and --exclude-region flags cannot be specified together, i.e. they are mutually exclusive.


    Excluding Resources by Age

    You can use the --older-than flag to only nuke resources that were created before a certain period; the possible values are all valid values for ParseDuration (Go duration syntax, such as 24h). For example, the following command nukes resources that are at least one day old:

    cloud-nuke aws --older-than 24h

    Excluding resources by age is available within:

    • cloud-nuke aws
    • cloud-nuke inspect-aws

    4. Execution: Once the setup is complete, you can run Cloud-Nuke using the provided command-line interface (CLI) commands. Remember to start with a dry run to preview the actions before performing actual deletions.

    Terminate or inspect specific resource types

    If you want to target specific resource types (e.g. ec2, ami) instead of all the supported resources, you can do so by specifying them through the --resource-type flag:

    cloud-nuke aws --resource-type ec2 --resource-type ami

    will search and target only ec2 and ami resources. The specified resource type must be valid, i.e. it should be present in the --list-resource-types output. Using --resource-type also speeds up the search, because only the named resource types are queried.

    Similarly, the following command will inspect only ec2 instances:

    cloud-nuke inspect-aws --resource-type ec2

    Specifying target resource types is available within:

    • cloud-nuke aws
    • cloud-nuke inspect-aws

    Exclude terminating specific resource types

    Just like you can select which resources to terminate using --resource-type, you can select which resources to skip using --exclude-resource-type flag:

    cloud-nuke aws --exclude-resource-type s3 --exclude-resource-type ec2

    This will terminate all resource types other than S3 and EC2.

    The --resource-type and --exclude-resource-type flags cannot be specified together, i.e. they are mutually exclusive.
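The workflow from "How does Cloud-Nuke work?" (inspect, dry run, then delete) together with the flag rules in the sections above, as an added shell example that is not part of the blog post or of the cloud-nuke project. It builds the three invocations in that order and refuses to build any of them when the page's mutual-exclusion rules are violated, when no --older-than bound is given (a policy this wrapper adds, not a cloud-nuke requirement), or when the AWS profile is not on a hypothetical sandbox allow-list (SANDBOX_PROFILES, constructed here; gruntwork-dev is reused from the page's own examples). It assumes --dry-run is the preview switch cloud-nuke provides; the names plan_nuke, validate_nuke_args and profile_allowed are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of the blog post or of cloud-nuke itself.
# Composes the inspect -> dry run -> delete sequence and enforces the page's
# flag rules plus two guardrails of this wrapper's own (profile allow-list,
# mandatory --older-than). Assumption: --dry-run is cloud-nuke's preview flag.

# Hypothetical allow-list of profiles that may ever be nuked (constructed;
# gruntwork-dev is the profile used in the page's own examples).
SANDBOX_PROFILES="gruntwork-dev sandbox-ci"

# Succeeds only when $1 is one of the sandbox profiles.
profile_allowed() {
  local p
  for p in $SANDBOX_PROFILES; do
    [ "$p" = "$1" ] && return 0
  done
  return 1
}

# Checks a cloud-nuke argument list. Flag values (regions, types, durations)
# never start with "--", so scanning every token for the flag names is enough.
validate_nuke_args() {
  local tok region=0 excl_region=0 rtype=0 excl_rtype=0 age=0
  for tok in "$@"; do
    case "$tok" in
      --region) region=1 ;;
      --exclude-region) excl_region=1 ;;
      --resource-type) rtype=1 ;;
      --exclude-resource-type) excl_rtype=1 ;;
      --older-than) age=1 ;;
    esac
  done
  if [ "$region" = 1 ] && [ "$excl_region" = 1 ]; then
    echo "--region and --exclude-region are mutually exclusive" >&2
    return 1
  fi
  if [ "$rtype" = 1 ] && [ "$excl_rtype" = 1 ]; then
    echo "--resource-type and --exclude-resource-type are mutually exclusive" >&2
    return 1
  fi
  if [ "$age" = 0 ]; then
    echo "refusing to nuke without an --older-than bound (this wrapper's policy)" >&2
    return 1
  fi
  return 0
}

# plan_nuke PROFILE [cloud-nuke flags...]
# Prints the three commands to run, one per line, in the order the page's
# workflow prescribes: inspect, preview, then the real deletion. Run them one
# at a time and read the output of each before starting the next.
plan_nuke() {
  local profile="$1"
  shift
  if ! profile_allowed "$profile"; then
    echo "profile '$profile' is not in SANDBOX_PROFILES; refusing" >&2
    return 1
  fi
  validate_nuke_args "$@" || return 1
  # The same flags go to every pass so the preview matches the real run.
  printf 'AWS_PROFILE=%s cloud-nuke inspect-aws %s\n' "$profile" "$*"
  printf 'AWS_PROFILE=%s cloud-nuke aws --dry-run %s\n' "$profile" "$*"
  printf 'AWS_PROFILE=%s cloud-nuke aws %s\n' "$profile" "$*"
}

# Example usage (constructed):
#   plan_nuke gruntwork-dev --region ap-south-1 --older-than 24h
```

The wrapper deliberately prints the commands rather than executing them: the gap between the dry run and the real deletion is where a human reads the preview, and no script should close that gap automatically against an account that can hold anything you care about.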

    Conclusion


    Cloud-Nuke is a powerful tool that simplifies cloud resource management and cost optimization. By automating the process of identifying and removing unused resources, it helps businesses reduce unnecessary expenses.
