Awesome
gcp-nuke
This is potentially very destructive! Use at your own risk!
Status: Beta. Tool is stable, but could experience odd behaviors with some resources.
Overview
Remove all resources from a GCP Project.
gcp-nuke is in beta, but it is likely that not all GCP resources are covered by it. Be encouraged to add missing resources and create a Pull Request or to create an Issue.
Documentation
All documentation is in the docs/ directory and is built using Material for Mkdocs.
It is hosted at https://ekristen.github.io/gcp-nuke/.
Attribution, License, and Copyright
This tool was written using libnuke at it's core. It shares similarities and commonalities with aws-nuke and azure-nuke. These tools would not have been possible without the hard work that came before me on the original tool by the team and contributors over at rebuy-de and their original work on rebuy-de/aws-nuke.
This tool is licensed under the MIT license as well. See the LICENSE file for more information. Reference was made to dshelley66/gcp-nuke during the creation of this tool therefore I included them in the license copyright although no direct code was used.
Usage
Note: all cli flags can also be expressed as environment variables.
By default, no destructive actions will be taken.
Example - Dry Run only
gcp-nuke run \
--config test-config.yaml \
--project-id playground-12345
Example - No Dry Run (DESTRUCTIVE)
To actually destroy you must add the --no-dry-run
cli parameter.
gcp-nuke run \
--config=test-config.yaml \
--project-id playground-12345 \
--no-dry-run
Authentication
Authentication is only supported via a Service Account either by Key or via Workload Identity.
Service Account Key
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account-key.json
Federated Token (Kubernetes)
coming soon
Configuring
The entire configuration of the tool is done via a single YAML file.
Example Configuration
Note: you must add at least one entry to the blocklist.
regions:
- global
- eastus
blocklist:
- 00001111-2222-3333-4444-555566667777
accounts: # i.e. projects but due to the commonality of libnuke, it's accounts here universally between tools
playground-12345:
presets:
- common
filters:
IAMRole:
- property: Name
type: contains
value: CustomRole
IAMServiceAccount:
- property: Name
type: contains
value: custom-service-account
presets:
common:
filters:
VPC:
- default