-
-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: cloud control resources #505
Conversation
@corybekk if you can give the build a shot once it is done, I've done testing myself, everything seems to be in working order now. |
@corybekk I saw the emoji icon on the above comment, any luck in testing? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ekristen I tested a aws-nuke config with multiple cloud control api resources along with their filters successfully. I have included the output below.
test output:
us-west-2 - AWS::ECS::CapacityProvider - FARGATE - [Identifier: "FARGATE", Name: "FARGATE"] - filtered: filtered by config
us-west-2 - AWS::ECS::CapacityProvider - FARGATE_SPOT - [Identifier: "FARGATE_SPOT", Name: "FARGATE_SPOT"] - filtered: filtered by config
us-east-1 - AWS::Bedrock::Prompt - arn:aws:bedrock:us-east-1:33333:prompt/UWO3VMX0 - [Arn: "arn:aws:bedrock:us-east-1:3333:prompt/UWO3VMX0", CreatedAt: "2025-01-10T18:13:21.835972748Z", Id: "UW3SKVMX0", Identifier: "arn:aws:bedrock:us-east-1:383930:prompt/UWO33MX0", Name: "test_prompt", UpdatedAt: "2025-01-10T18:13:33.708406129Z", Version: "DRAFT"] - removed
observation:
While this issue is outside the scope of this bug, I noticed that the Cloud Control API frequently encounters ThrottlingExceptions. This was also a known issue with the old aws-nuke.
To address this in our fork, I added retry logic, which resolved the problem. It might be helpful to implement similar retry logic here, either as part of this PR or a separate one. If needed, I’m happy to contribute a PR for this, though I’m not very familiar with Go, so it might take some time and additional review + updates before it's ready.
Sample logs for reference:
time="2025-01-10T18:14:24Z" level=error msg="listing failed:\n ThrottlingException: Rate exceeded" error="ThrottlingException: Rate exceeded" owner=us-west-2 resource_type="AWS::Bedrock::Guardrail"
time="2025-01-10T18:14:24Z" level=error msg="listing failed:\n ThrottlingException: Rate exceeded" error="ThrottlingException: Rate exceeded" owner=us-west-2 resource_type="AWS::Glue::Registry"
time="2025-01-10T18:14:24Z" level=error msg="listing failed:\n ThrottlingException: Rate exceeded" error="ThrottlingException: Rate exceeded" owner=us-west-2 resource_type="AWS::Route53Resolver::ResolverDNSSECConfig"
ps: Thank you very much for porting this functionality over so quickly! This is HUGE for us, and we really appreciate it.
🎉 This PR is included in version 3.43.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
@corybekk I opened a new issue #508 to track the rate limiting. I've already been implementing rate limiting code throughout the tool, if we can find out what the rate limits are it's very easy to add. Fallback could be retry logic, I would prefer to try and stay under the rate limiting if possible. |
Overview
It was discovered that the auto-registration of cloud control resources when provided via configured or via the command line flag was not working. It turns out that the feature was accidentally never ported over.
While investigating it was also found that the existing cloud control resources that are defined within the tool were not being properly registered as a resource.
Changes
list-resources
command to show all resource types with descriptionsExample Output for
list-resources
Usage
This will dynamically register the
AWS::Bedrock::Agent
cloud control resource and then include only it in the resources to iterate over. If you omit--include
it'll register the cloud control resource and add it to the entire list of resource types to scan.aws-nuke run -c config.yaml --include AWS::Bedrock::Agent --cloud-control AWS::Bedrock::Agent
Thanks
Thanks to @corybekk for bringing this to my attention.
Documentation Preview
https://602b46bf.aws-nuke.pages.dev/
References
Builds
Builds will be available here for testing before merge. https://github.com/ekristen/aws-nuke/actions/runs/12700781942