Introduction to AWS Nuke

Some organizations, if not most, have multiple AWS accounts for different environments (production, staging, etc.), so it is easy to lose track of resources that engineers created for tests or experiments. At the end of the day, the company is billed for every resource left running. The same thing happens to engineers with a personal AWS account used only for experiments: they forget about resources created in regions they rarely use.

So how can we identify these resources and delete them?

AWS Nuke.

So what is AWS Nuke? The "nuke" in the name should give you an idea of what it is supposed to do. Basically, it is a powerful tool that lets you programmatically destroy every resource in an AWS account, with a few exceptions such as AWS-managed or default resources. You can literally take the account back to the state it was in when it was created.

It is strongly recommended not to run AWS Nuke on production accounts, or on any account where you are in doubt about particular resources. It is a very dangerous tool to use.

By default, the tool runs in dry-run mode, meaning it only lists the resources that would be deleted without actually deleting them. This is one more safeguard against mistakes.
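To illustrate that safeguard, here is an added example of a small wrapper around the tool (it is not part of the article or of the aws-nuke project). It assumes aws-nuke and the AWS CLI are installed and configured, and the account IDs it uses are constructed placeholders; deletion happens only when the caller explicitly passes `--no-dry-run` and the target account is not on the protected list.

```shell
#!/bin/sh
# Added example (not from the article): a pre-flight guard around aws-nuke.
# Assumes aws-nuke and the AWS CLI are installed and configured; the account
# IDs below are constructed placeholders, not real accounts.
set -eu

# Constructed list of accounts that must never be nuked (e.g. production).
PROTECTED_ACCOUNTS="111111111111 222222222222"

# Returns 0 if the account id is on the protected list, 1 otherwise.
is_protected() {
    for id in $PROTECTED_ACCOUNTS; do
        [ "$1" = "$id" ] && return 0
    done
    return 1
}

# Writes an aws-nuke config to file $2 for target account $1, placing every
# protected account in the blocklist (older releases spell the key
# account-blacklist; check the version you run).
write_config() {
    target="$1"; out="$2"
    {
        echo "regions:"
        echo "  - us-east-1"
        echo "  - global"
        echo "account-blocklist:"
        for id in $PROTECTED_ACCOUNTS; do echo "  - \"$id\""; done
        echo "accounts:"
        echo "  \"$target\":"
        echo "    filters:"
        echo "      IAMUser:"
        echo "        - \"admin\"   # keep the break-glass user"
    } > "$out"
}

# Usage: run_nuke <account-id> [--no-dry-run]
# Without --no-dry-run, aws-nuke only lists what it would delete.
run_nuke() {
    target="$1"; mode="${2:-}"
    if is_protected "$target"; then
        echo "refusing: $target is a protected account" >&2
        return 1
    fi
    write_config "$target" "nuke-$target.yml"
    if [ "$mode" = "--no-dry-run" ]; then
        aws-nuke -c "nuke-$target.yml" --no-dry-run
    else
        aws-nuke -c "nuke-$target.yml"
    fi
}
```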

Part 2 of this tutorial will cover how to set it up, add filters and blacklists, target specific resources for deletion, and more.