Cloud Nuke — Wipe AWS Resources with a Single Command
A CLI tool from Gruntwork for cleaning up AWS accounts by deleting all resources across regions. Cloud Nuke is essential for tearing down sandbox environments, reducing cloud costs, and preventing resource sprawl.
What it is
Cloud Nuke is a CLI tool from Gruntwork that deletes AWS resources across all regions in a single command. It supports EC2 instances, S3 buckets, Lambda functions, IAM roles, VPCs, RDS databases, and dozens of other resource types. You can filter by resource type, region, age, and tags.
Cloud Nuke targets DevOps engineers and platform teams who manage sandbox, development, and testing AWS accounts. It solves the problem of resource sprawl where forgotten resources accumulate and generate unexpected cloud bills.
How it saves time or tokens
Manually deleting AWS resources through the console requires clicking through each service in each region. Cloud Nuke automates this across all regions and resource types in seconds. For organizations with multiple sandbox accounts, running Cloud Nuke on a schedule prevents cost surprises from forgotten resources.
How to use
- Install Cloud Nuke via Homebrew or download the binary.
- Configure AWS credentials.
- Run the nuke command with appropriate filters.
# Install
brew install cloud-nuke
# Delete ALL resources in an account (dangerous)
cloud-nuke aws
# Delete resources older than 24 hours
cloud-nuke aws --older-than 24h
# Delete only specific resource types
cloud-nuke aws --resource-type ec2 --resource-type s3
# Delete resources in specific regions only
cloud-nuke aws --region us-east-1 --region eu-west-1
# Dry run (list what would be deleted)
cloud-nuke aws --dry-run
Example
# cloud-nuke config file for targeted cleanup
# .cloud-nuke.yml
ec2:
  include:
    names_regex:
      - 'dev-.*'
      - 'test-.*'
  exclude:
    names_regex:
      - 'prod-.*'
s3:
  include:
    names_regex:
      - '.*-sandbox-.*'
Common pitfalls
- Cloud Nuke deletes resources permanently. There is no undo. Always use --dry-run first and restrict to sandbox accounts. Never run against production AWS accounts.
- Some resources have deletion dependencies (e.g., VPCs cannot be deleted while ENIs are attached). Cloud Nuke handles most dependencies but may fail on complex resource graphs.
- IAM resource deletion can break other accounts if the IAM roles are used cross-account. Exclude IAM resources unless you are certain they are scoped to the target account.
Frequently asked questions
No. Cloud Nuke is designed for sandbox and development accounts. Running it on a production account will delete production resources permanently. Use AWS Organizations to isolate sandbox accounts and restrict Cloud Nuke access to those accounts only.
Cloud Nuke supports EC2, S3, Lambda, RDS, DynamoDB, ECS, EKS, IAM, VPC, CloudWatch, SNS, SQS, Elastic Beanstalk, and dozens more. The full list is in the GitHub README. New resource types are added regularly.
Yes. You can run Cloud Nuke as a cron job, Lambda function, or CI/CD pipeline step. A common pattern is to schedule nightly cleanup of resources older than 48 hours in sandbox accounts. Use the --force flag to skip confirmation prompts in automated runs.
Cloud Nuke scans all enabled AWS regions by default. It queries each region in parallel for supported resource types and deletes them. You can restrict to specific regions using the --region flag if you only want to clean certain regions.
Yes. You can use the config file to include or exclude resources based on name patterns. Tag-based filtering is supported through name regex patterns. This lets you protect specific resources while nuking everything else in a sandbox account.
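The "How to use" commands above and the pitfalls and FAQ answers together describe one safe operating procedure: verify you are in a sandbox account, dry-run first, scope the run to known resource types (leaving IAM out), and only then run unattended with --force. The following wrapper script is an added example of that procedure and is not Cloud Nuke's or Gruntwork's own code. It assumes a SANDBOX_ACCOUNTS allowlist of 12-digit account IDs (the two IDs in it are constructed placeholders), that the caller passes in the current account ID (in practice obtained from `aws sts get-caller-identity`), and that `lambda` and `rds` are valid cloud-nuke resource type names alongside the `ec2` and `s3` shown on the page.

```shell
#!/usr/bin/env bash
# Guarded cloud-nuke wrapper (added example, not Gruntwork's code).
# Assumptions: SANDBOX_ACCOUNTS is a space-separated allowlist of 12-digit
# account IDs; the caller supplies the current account ID (for example from
# `aws sts get-caller-identity --query Account --output text`).
set -eu

# Constructed placeholder IDs; replace with your real sandbox account IDs.
SANDBOX_ACCOUNTS="${SANDBOX_ACCOUNTS:-111111111111 222222222222}"

# Resource types the run is scoped to. IAM is deliberately absent because
# cross-account roles can break other accounts (see "Common pitfalls").
# "lambda" and "rds" are assumed to be valid cloud-nuke resource type names.
NUKE_RESOURCE_TYPES="ec2 s3 lambda rds"

# is_sandbox_account ACCOUNT_ID -> 0 only for a well-formed, allowlisted ID
is_sandbox_account() {
  local id="$1" allowed
  case "$id" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) return 1 ;;
  esac
  for allowed in $SANDBOX_ACCOUNTS; do
    [ "$id" = "$allowed" ] && return 0
  done
  return 1
}

# build_nuke_cmd ACCOUNT_ID MODE -> prints the cloud-nuke command line.
# MODE is "dry-run" (list only) or "force" (unattended deletion for cron/CI).
# Refuses with exit status 1 for any account not on the allowlist.
build_nuke_cmd() {
  local id="$1" mode="$2" cmd rtype
  if ! is_sandbox_account "$id"; then
    echo "refusing: account $id is not an allowlisted sandbox account" >&2
    return 1
  fi
  cmd="cloud-nuke aws --older-than 48h"
  for rtype in $NUKE_RESOURCE_TYPES; do
    cmd="$cmd --resource-type $rtype"
  done
  case "$mode" in
    dry-run) cmd="$cmd --dry-run" ;;
    force)   cmd="$cmd --force" ;;
    *) echo "unknown mode: $mode (use dry-run or force)" >&2; return 1 ;;
  esac
  printf '%s\n' "$cmd"
}

# Unattended run: dry-run first, and delete only if the listing step succeeded.
# Runs only when the script is invoked directly with an account ID argument,
# so sourcing the file (for example in tests) never touches AWS.
main() {
  local account="$1" dry full
  dry="$(build_nuke_cmd "$account" dry-run)"
  full="$(build_nuke_cmd "$account" force)"
  echo "+ $dry"; eval "$dry"
  echo "+ $full"; eval "$full"
}

if [ "${1:-}" != "" ]; then
  main "$1"
fi
```

Run it as `./nuke-sandbox.sh "$(aws sts get-caller-identity --query Account --output text)"` from a nightly job; any account ID missing from SANDBOX_ACCOUNTS makes the script exit before cloud-nuke is ever invoked, which is the control that the "never run against production" pitfall asks for.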