34 comments

[ 4.3 ms ] story [ 81.2 ms ] thread
I launched Cloud Nuke to make it easy to safely delete AWS resources in 3 clicks!

I've found that deleting idle & underutilized cloud resources is the quickest win to reduce spending on cloud bills. Additionally the workflow of deleting cloud resources often exist in Engineering teams but it is not well thought out and a single member scrambles to determine what needs to be deleted.

Building on clouds is getting easier, and conversely harder to delete since resources often depend on each other.

The hard bit is checking that all the dependencies you're about to delete are not used anywhere else.
Agree. This is an early version of that pitch :)
I don't think anyone is going to just throw keys in this willy nilly. Perhaps put up some instructions on how to make a one off user with the bare needed access that can be revoked after or something. Still a stretch tho.
kind of terrifying.. wonder how long until a script kiddy finds some access/secret keys in github or somewhere else and kills a company.
They could do the same by using the access keys directly - using this service is strictly better since it would identify the attacker by their Stripe payment method.
Yea, agreed.. they definitely could assuming someone does something stupid and exposes keys with access to everything. But this removes the barrier of needing to have a tiny bit of technical knowledge to do it. I think pastebin post with the cloudnuke url, keys, and a stolen credit card would look pretty appetizing for bored people. I'm not saying this shouldn't exist exactly.. maybe some kind of additional identity verification would make it less scary tho.
The same pastebin could exist today by simply providing a script alongside the access keys, I don't see how this paid-for service changes anything aside adding an extra hurdle.
Relying on a cheap payment online to identify an individual determined to act maliciously likely isn't going to lead anywhere useful.
You have to be completely nuts to put your secret keys in a site on the web.
From the FAQs

Q: Do you store the keys? A: No, each Nuke is an ephemeral sandboxed process and we don't store any keys.

Not sure that's gonna be enough assurance, my friend
I thought the same then I thought that maybe they should show instructions to create a user that only has the bare needed access. After you run, you revoke. I could see myself using something akin to this when tearing down old stuff.
> Q: Do you store my card?

> A: No payments are proessed directly by Stripe and we don't store your card details

"Let's eat grandma".

I don't follow...?
The parent post above is referencing an online meme that pokes fun at a lack of punctuation[0].

In the Q/A section quoted, the lack of punctuation can be read as:

> Q: Do you store my card?

> A: No payments are processed directly by Stripe, and we don't store your card details

Which implies that Stripe is not processing the payments, with the note that the card details are not stored.

This could be rewritten as:

> Q: Do you store my card?

> A: We do not store your credit card information. Payments are processed directly by Stripe, and we don't store your card details.

[0] https://i.imgur.com/gbJVPk3.png

gotcha, thanks makes sense now.

> Q: Do you store my card?

> A: We do not store your credit card information. Payments are processed directly by Stripe, and we don't store your card details.

Thats exactly what we mean

Updated the FAQs. Thanks for pointing this out
You would have to be crazy to utilize this tool.
I do think deleting cloud resources is a valid use case in many Eng teams and directly co-relates to a lower cloud bill. Engineers are frequently building POC's, test machines or just deploying quickly to have idle/underutilized resources lying around
It's a few years since I've used AWS, but is deleting stuff that hard? I seem to remember it was a matter of deleting a cloud formation stack and maybe cleaning up a few things that you'd explicitly ask to be preserved (usually storage things like S3 buckets and DBs).
It's definitely not point-and-click. My thesis (and experience) is that it has gotten harder

Building & Deploying on clouds has gotten easier, and many dev environments have idle, underutilized resources that are paid for.

The overuse of emojis kill all of your credibility and make you seem like a child playing with my secret keys.
Ok, thanks for that feedback. It's currently disabled while I figure out next steps
Thanks for all the feedback HN, I do agree the service is a risky tool so right now I've stubbed it out, effectively disabling its use while I figure out how to address the comments here