I launched Cloud Nuke to make it easy to safely delete AWS resources in 3 clicks!
I've found that deleting idle & underutilized cloud resources is the quickest win to reduce spending on cloud bills. Additionally the workflow of deleting cloud resources often exist in Engineering teams but it is not well thought out and a single member scrambles to determine what needs to be deleted.
Building on clouds is getting easier, and conversely harder to delete since resources often depend on each other.
I don't think anyone is going to just throw keys in this willy nilly. Perhaps put up some instructions on how to make a one off user with the bare needed access that can be revoked after or something. Still a stretch tho.
They could do the same by using the access keys directly - using this service is strictly better since it would identify the attacker by their Stripe payment method.
Yea, agreed.. they definitely could assuming someone does something stupid and exposes keys with access to everything. But this removes the barrier of needing to have a tiny bit of technical knowledge to do it. I think pastebin post with the cloudnuke url, keys, and a stolen credit card would look pretty appetizing for bored people. I'm not saying this shouldn't exist exactly.. maybe some kind of additional identity verification would make it less scary tho.
The same pastebin could exist today by simply providing a script alongside the access keys, I don't see how this paid-for service changes anything aside adding an extra hurdle.
I thought the same then I thought that maybe they should show instructions to create a user that only has the bare needed access. After you run, you revoke. I could see myself using something akin to this when tearing down old stuff.
I do think deleting cloud resources is a valid use case in many Eng teams and directly co-relates to a lower cloud bill. Engineers are frequently building POC's, test machines or just deploying quickly to have idle/underutilized resources lying around
It's a few years since I've used AWS, but is deleting stuff that hard? I seem to remember it was a matter of deleting a cloud formation stack and maybe cleaning up a few things that you'd explicitly ask to be preserved (usually storage things like S3 buckets and DBs).
Thanks for all the feedback HN, I do agree the service is a risky tool so right now I've stubbed it out, effectively disabling its use while I figure out how to address the comments here
34 comments
[ 4.3 ms ] story [ 81.2 ms ] threadI've found that deleting idle & underutilized cloud resources is the quickest win to reduce spending on cloud bills. Additionally the workflow of deleting cloud resources often exist in Engineering teams but it is not well thought out and a single member scrambles to determine what needs to be deleted.
Building on clouds is getting easier, and conversely harder to delete since resources often depend on each other.
[1] https://www.infoworld.com/article/2608076/murder-in-the-amaz...
Q: Do you store the keys? A: No, each Nuke is an ephemeral sandboxed process and we don't store any keys.
> A: No payments are proessed directly by Stripe and we don't store your card details
"Let's eat grandma".
In the Q/A section quoted, the lack of punctuation can be read as:
> Q: Do you store my card?
> A: No payments are processed directly by Stripe, and we don't store your card details
Which implies that Stripe is not processing the payments, with the note that the card details are not stored.
This could be rewritten as:
> Q: Do you store my card?
> A: We do not store your credit card information. Payments are processed directly by Stripe, and we don't store your card details.
[0] https://i.imgur.com/gbJVPk3.png
> Q: Do you store my card?
> A: We do not store your credit card information. Payments are processed directly by Stripe, and we don't store your card details.
Thats exactly what we mean
[1] https://cloudcustodian.io/
Building & Deploying on clouds has gotten easier, and many dev environments have idle, underutilized resources that are paid for.