gcp-nuke

This is potentially very destructive! Use at your own risk!

Status: Beta. Tool is stable, but could experience odd behaviors with some resources.

Overview

Remove all resources from a GCP Project.

gcp-nuke is in beta, but it is likely that not all GCP resources are covered by it. Be encouraged to add missing resources and create a Pull Request or to create an Issue.

Documentation

All documentation is in the docs/ directory and is built using Material for Mkdocs.

It is hosted at https://ekristen.github.io/gcp-nuke/.

Attribution, License, and Copyright

This tool was written using libnuke at it's core. It shares similarities and commonalities with aws-nuke and azure-nuke. These tools would not have been possible without the hard work that came before me on the original tool by the team and contributors over at rebuy-de and their original work on rebuy-de/aws-nuke.

This tool is licensed under the MIT license as well. See the LICENSE file for more information. Reference was made to dshelley66/gcp-nuke during the creation of this tool therefore I included them in the license copyright although no direct code was used.

Usage

Note: all cli flags can also be expressed as environment variables.

By default, no destructive actions will be taken.

Example - Dry Run only

gcp-nuke run \
  --config test-config.yaml \
  --project-id playground-12345

Example - No Dry Run (DESTRUCTIVE)

To actually destroy you must add the --no-dry-run cli parameter.

gcp-nuke run \
  --config=test-config.yaml \
  --project-id playground-12345 \
  --no-dry-run

Authentication

Authentication is only supported via a Service Account either by Key or via Workload Identity.

Service Account Key

export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account-key.json

Federated Token (Kubernetes)

coming soon

Configuring

The entire configuration of the tool is done via a single YAML file.

Example Configuration

Note: you must add at least one entry to the blocklist.

regions:
  - global
  - eastus

blocklist:
  - 00001111-2222-3333-4444-555566667777

accounts: # i.e. projects but due to the commonality of libnuke, it's accounts here universally between tools
  playground-12345:
    presets:
      - common
    filters:
      IAMRole:
        - property: Name
          type: contains
          value: CustomRole
      IAMServiceAccount:
        - property: Name
          type: contains
          value: custom-service-account

presets:
  common:
    filters:
      VPC:
        - default

Name		Name	Last commit message	Last commit date
Latest commit History 106 Commits
.github		.github
docs		docs
pkg		pkg
resources		resources
tools/create-resource		tools/create-resource
.gitignore		.gitignore
.goreleaser.yml		.goreleaser.yml
.releaserc.yml		.releaserc.yml
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
cosign.pub		cosign.pub
go.mod		go.mod
go.sum		go.sum
main.go		main.go
mkdocs.yml		mkdocs.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

gcp-nuke

Overview

Documentation

Attribution, License, and Copyright

Usage

Example - Dry Run only

Example - No Dry Run (DESTRUCTIVE)

Authentication

Service Account Key

Federated Token (Kubernetes)

Configuring

Example Configuration

About

Releases 71

Packages

Contributors 2

Languages

License

ekristen/gcp-nuke

Folders and files

Latest commit

History

Repository files navigation

gcp-nuke

Overview

Documentation

Attribution, License, and Copyright

Usage

Example - Dry Run only

Example - No Dry Run (DESTRUCTIVE)

Authentication

Service Account Key

Federated Token (Kubernetes)

Configuring

Example Configuration

About

Topics

Resources

License

Stars

Watchers

Forks

Releases 71

Packages 0

Contributors 2

Languages

Packages