Using AWS NUKE with PowerShell

Bertrand Oubida
Sep 12, 2024


BIG WARNING: Remember that AWS NUKE removes EVERYTHING in the specified account. Please be very careful when using this resource.

Starting resources:

To complete this project, you need an AWS account with an Access Key created and ready for use, PowerShell (run as administrator) with the AWS CLI installed, and the AWS Nuke release page.

AWS Nuke Github page
AWS console with a pipeline built
Windows terminal

Step by step Process:

To begin, run the terminal as an administrator. To confirm that the AWS CLI is installed, type in

aws --version

To connect your AWS account if it is not already configured, gather the Access Key ID and Secret Access Key you created in the AWS console, and in the terminal, type in

aws configure

After entering your credentials, it is time to download AWS Nuke.

As of September 10th, 2024, the release below was the latest version of the AWS Nuke zip file for Windows. Copy and paste the following into your terminal (curl.exe is spelled out because in Windows PowerShell the bare name curl is an alias for Invoke-WebRequest, which does not accept -LO)

curl.exe -LO https://github.com/rebuy-de/aws-nuke/releases/download/v2.25.0/aws-nuke-v2.25.0-windows-amd64.zip

Now that you have the zip file, it is time to extract everything inside it

tar -xf aws-nuke-v2.25.0-windows-amd64.zip

To make it easy for ourselves, we’re going to create a new directory, rename the executable file of AWS Nuke, and move it to the newly created directory where we will also create a config file.

mkdir "C:\Program Files\AWS Nuke"
ren aws-nuke-v2.25.0-windows-amd64.exe aws-nuke.exe
move aws-nuke.exe "C:\Program Files\AWS Nuke"
cd "C:\Program Files\AWS Nuke"

Double-check that all the commands worked by simply copying and pasting this to your terminal.

.\aws-nuke.exe --help

Now let’s create and edit a config file to do as we please with AWS Nuke. You can customize the config file to your liking using the AWS Nuke Github page for guidance. This way you can place resources on the do not touch list, or specify resources you want to get rid of.

In the terminal, type in the command below

notepad nuke-config.yml
Example of default config file, edit as you see fit

Here is mine:

regions:
  - "us-east-1" # Add more regions as needed
account-blocklist:
  - "999999999999" # Account ID(s) that must never be nuked, e.g. production; aws-nuke requires at least one entry here
accounts:
  "----------": # Replace with your actual AWS account ID

After editing the config file, run the executable with the command below

.\aws-nuke.exe --config nuke-config.yml --no-dry-run
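
A pre-flight check worth running before the --no-dry-run command above: it confirms that the credentials from aws configure belong to the account named in the config, then performs a dry run. This is an added example, not part of the original post or the aws-nuke project; the account ID 000000000000 is a placeholder and the variable names are assumptions.

```powershell
# Added example: pre-flight checks before a destructive aws-nuke run.
# Assumptions: run from the folder holding aws-nuke.exe and nuke-config.yml;
# $ExpectedAccountId is a placeholder for the account you intend to wipe.
$ErrorActionPreference = 'Stop'
$ExpectedAccountId = '000000000000'
$ConfigPath = '.\nuke-config.yml'

# 1. Confirm which account the configured credentials really belong to.
$identity = aws sts get-caller-identity --output json | ConvertFrom-Json
if ($LASTEXITCODE -ne 0 -or -not $identity) { throw 'Could not resolve caller identity.' }
if ($identity.Account -ne $ExpectedAccountId) {
    throw "Credentials are for account $($identity.Account), not $ExpectedAccountId."
}

# 2. Read the account IDs out of the config (simple line scan, not a YAML parser).
$section = ''; $blocklist = @(); $targets = @()
foreach ($line in Get-Content $ConfigPath) {
    if ($line -match '^([A-Za-z-]+):') { $section = $Matches[1]; continue }
    if ($section -eq 'account-blocklist' -and $line -match '^\s*-\s*"?(\d{12})"?') {
        $blocklist += $Matches[1]
    } elseif ($section -eq 'accounts' -and $line -match '^\s+"?(\d{12})"?\s*:') {
        $targets += $Matches[1]
    }
}
if ($blocklist.Count -eq 0) { throw 'account-blocklist is empty; list the accounts to protect.' }
if ($blocklist -contains $ExpectedAccountId) { throw 'Target account is on the blocklist.' }
if ($targets -notcontains $ExpectedAccountId) { throw 'Target account is not under accounts:.' }
if ($targets.Count -gt 1) { Write-Warning "Config lists $($targets.Count) accounts." }

# 3. Show the alias that aws-nuke will ask you to type back.
$aliases = (aws iam list-account-aliases --output json | ConvertFrom-Json).AccountAliases
Write-Host "Account $ExpectedAccountId, alias(es): $($aliases -join ', ')"

# 4. Dry run first: without --no-dry-run, aws-nuke only lists what it would remove.
.\aws-nuke.exe --config $ConfigPath
```

Review the dry-run listing, and only then repeat the command with --no-dry-run.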

I appreciated how the executable would not run if the account alias had “prod” in the name, which prompted me to rename my account and run the command again.

AWS Nuke at work

ALL DONE!

Congratulations, AWS Nuke should be working its magic now. Some resources have deletion protection, and others, like Reserved Instances, will be unaffected, but if nothing is specified the job will be done too well (everything wiped out). So, BE CAREFUL.
