aws-default-cleaner

AWS Default Cleaner - delete default VPCs and associated Subnets, Internet Gateways, Route Tables, Network ACLs and Security Groups


Keywords
aws, aws-cli, aws-ec2, aws-vpc, boto3, boto3-script, botocore, cleaner, cloud
License
MIT
Install
pip install aws-default-cleaner==1.0.4

Documentation

Introduction

aws-default-cleaner is a command-line tool that deletes default AWS account resources:

  • VPCs
  • Subnets
  • Internet Gateways
  • Route Tables
  • Network ACLs
  • Security Groups

Installation

Install the package using the pip package manager:

pip install aws-default-cleaner

Usage

Basic usage

Currently, this tool supports two operations: discover and delete.

  • The discover command searches for default VPCs and other resources in the AWS account and outputs their IDs (no objects are deleted).
  • The delete command tries to delete default VPCs and the associated Subnets, Internet Gateways, Route Tables, Network ACLs and Security Groups.

Example:

aws-default-cleaner discover
aws-default-cleaner delete
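
To review what a cleanup would touch before running delete, the added example below (not aws-default-cleaner's own code) builds a read-only, dependency-ordered plan for each region using only boto3 describe_* calls. The function names and the FakeEC2/FakeSession stand-ins are hypothetical, and all resource IDs are constructed.

```python
def plan_default_vpc_cleanup(ec2):
    """Read-only: return ordered (action, resource_id) steps for one region."""
    steps = []
    default_only = [{"Name": "is-default", "Values": ["true"]}]
    for vpc in ec2.describe_vpcs(Filters=default_only)["Vpcs"]:
        vpc_id = vpc["VpcId"]
        attached = [{"Name": "attachment.vpc-id", "Values": [vpc_id]}]
        for igw in ec2.describe_internet_gateways(Filters=attached)["InternetGateways"]:
            # A gateway must be detached from the VPC before it can be deleted.
            steps.append(("detach_internet_gateway", igw["InternetGatewayId"]))
            steps.append(("delete_internet_gateway", igw["InternetGatewayId"]))
        in_vpc = [{"Name": "vpc-id", "Values": [vpc_id]}]
        for subnet in ec2.describe_subnets(Filters=in_vpc)["Subnets"]:
            steps.append(("delete_subnet", subnet["SubnetId"]))
        # Last: EC2 rejects delete_vpc while gateways or subnets remain.
        steps.append(("delete_vpc", vpc_id))
    return steps


def discover(regions, session=None):
    """Map region -> plan. boto3 is imported lazily so the planner runs offline."""
    if session is None:
        import boto3  # needs AWS credentials at call time
        session = boto3.Session()
    return {r: plan_default_vpc_cleanup(session.client("ec2", region_name=r))
            for r in regions}


class FakeEC2:
    """Constructed stand-in for a boto3 EC2 client; all IDs are made up."""
    def describe_vpcs(self, Filters):
        return {"Vpcs": [{"VpcId": "vpc-0example", "IsDefault": True}]}
    def describe_internet_gateways(self, Filters):
        return {"InternetGateways": [{"InternetGatewayId": "igw-0example"}]}
    def describe_subnets(self, Filters):
        return {"Subnets": [{"SubnetId": "subnet-0a"}, {"SubnetId": "subnet-0b"}]}


class FakeSession:
    """Constructed stand-in for boto3.Session."""
    def client(self, service, region_name):
        return FakeEC2()


if __name__ == "__main__":
    for region, plan in discover(["eu-central-1"], FakeSession()).items():
        for action, resource_id in plan:
            print(region, action, resource_id)
```

Calling discover(regions) without a session uses the default boto3 credentials; the plan is a list to review and nothing is deleted.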

Assuming role

When you use a multi-account setup with a central IAM account and specific roles in spoke accounts, you can force aws-default-cleaner to assume a role before performing any operations. Simply supply one or more --assume or -a flags with the corresponding role names.

Example:

aws-default-cleaner discover -a arn:aws:iam::account-one-id:role/infra-admin-assumerole -a arn:aws:iam::account-two-id:role/infra-admin-assumerole
aws-default-cleaner delete -a arn:aws:iam::XXXXXXXXXXXX:role/infra-admin-assumerole

Region filtering

By default, aws-default-cleaner searches for the default resources in all available regions, but you can override this behavior by supplying --region or -r flags.

Example:

aws-default-cleaner discover -r eu-central-1 -r eu-west-3
aws-default-cleaner delete -r eu-central-1 -r eu-west-3