Tag Support?

[QuinnyPig]

I'm wondering if there might be value to having tag support in AWS nuke. Picture a tag with a timestamp value. From there, you could configure aws-nuke to remove everything more than X days old, plus an exception list.

Auto-cleanup of dev accounts suddenly becomes trivial with the right automation in place to ensure those tags get placed / propagated.

[tomvachon]

@QuinnyPig this could be added but what about non-tagable systems? If your goal is "more than X days" we could do this by create date as all things have that. The filter system already allows for narrow or wider exemptions.

@svenwltr @bjoernhaeuser what do you guys think?

[bjoernhaeuser]

I like that idea. The thing is what I am seeing troublesome is: That would mean we would need to start managing dependencies -> something we try to avoid as much as possible.

[svenwltr]

Like @bjoernhaeuser said, that we would start to manage dependencies between resources. This is a very cumbersome task which we unlikely ever complete, because AWS has many resources and the API is not very consistent in getting such information. This means we would have to touch every single resource again and figure out how to get the timestamp and what this resource depends on. This might be easy for something like a volume or a volume attachment, but very hard for something like a subnet or a Route53 record.

And on top of that there is the bigger problem that, if we miss a dependency somewhere we might delete to many resources. This is in contrast to the current behaviour, where a resource does not get deleted at all if it is incompletely added to aws-nuke (ie not added yet).

[stephenjonpeters]

what about including tags in the dry-run output? then using the output, we can add the filters to the config file? adds functionality but doesn't change core code.

[svenwltr]

@stephenjonpeters This is already the case for resources that support tags (like CloudFormation #237). Unfortunately not much resources support this right now.