
@jsamuel1
Last active March 5, 2021 04:58
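For the time someone leaves unused EC2 instances and FSx file systems running in a bunch of sub-accounts in an AWS Organization. Supply the list of sub-accounts (accounts.csv, column AccountId) to assume-role into. As written, the script terminates every EC2 instance and deletes every FSx file system (without a final backup), every IAM role whose name starts with "fsx", and every directory it finds in those accounts.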
#!/usr/bin/env python
from __future__ import print_function
import boto3
import botocore
import time
import sys
import argparse
import pandas
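# Regions swept for every account when no --region option is given.
DEFAULT_REGIONS = (
    "us-east-1",
    "us-east-2",
    "us-west-1",
    "us-west-2",
    "ap-southeast-2",
)


def clean_account(account_id, region, dry_run=False):
    """Delete EC2, FSx, fsx-prefixed IAM roles and directories in one account.

    Assumes ``OrganizationAccountAccessRole`` in *account_id* and, with the
    temporary credentials, removes in *region*:

    * every EC2 instance returned by ``describe_instances`` (no tag or state
      filter is applied),
    * every FSx file system (Windows file systems are deleted with
      ``SkipFinalBackup``, so no final backup is kept),
    * every IAM role whose name starts with ``fsx`` (IAM is global, so this
      part is not limited to *region*),
    * every Directory Service directory.

    None of these deletions can be undone. Run with ``dry_run=True`` first and
    check the listing against what is expected to be in the account.

    Args:
        account_id: AWS account number; anything ``int()`` accepts. It is
            zero-padded to 12 digits because a CSV reader drops leading zeros.
        region: Region name used for the EC2, FSx and Directory Service clients.
        dry_run: When true, only list what would be deleted and make no
            modifying API call. Defaults to False (delete).

    Raises:
        botocore.exceptions.ClientError: if assuming the role or any API call
            fails. Nothing is caught here, so the first failure stops the run.
    """
    tag = "[dry-run] " if dry_run else ""

    sts_client = boto3.client('sts')
    # Exchange the caller's credentials for temporary ones in the target
    # account. OrganizationAccountAccessRole is the role AWS Organizations
    # creates in member accounts; it usually carries administrator permissions.
    assumed_role_object = sts_client.assume_role(
        RoleArn=f"arn:aws:iam::{int(account_id):012d}:role/OrganizationAccountAccessRole",
        RoleSessionName="AssumeRoleSession1",
    )
    credentials = assumed_role_object['Credentials']
    # One session carries the temporary credentials for all four clients.
    session = boto3.Session(
        aws_access_key_id=credentials['AccessKeyId'],
        aws_secret_access_key=credentials['SecretAccessKey'],
        aws_session_token=credentials['SessionToken'],
    )

    # --- EC2 -------------------------------------------------------------
    ec2_client = session.client('ec2', region_name=region)
    # Paginate: a single describe_instances response may not hold everything.
    for page in ec2_client.get_paginator('describe_instances').paginate():
        for reservation in page['Reservations']:
            instance_ids = []
            for instance in reservation['Instances']:
                print(f"{tag}EC2: Region: {region} ID: {instance['InstanceId']} Type: {instance['InstanceType']} LaunchTime: {instance['LaunchTime']} State: {instance['State']['Name']}")
                instance_ids.append(instance['InstanceId'])
            # Never call terminate_instances with an empty ID list.
            if instance_ids and not dry_run:
                ec2_client.terminate_instances(InstanceIds=instance_ids)

    # --- FSx -------------------------------------------------------------
    fsx_client = session.client('fsx', region_name=region)
    filesystems = []
    for page in fsx_client.get_paginator('describe_file_systems').paginate():
        filesystems.extend(page['FileSystems'])
    for fs in filesystems:
        print(f"{tag}Region: {region} Filesystem: {fs['FileSystemId']} ")
        if dry_run:
            continue
        delete_args = {'FileSystemId': fs['FileSystemId']}
        # WindowsConfiguration only applies to Windows file systems.
        # NOTE(review): sending it for other types is presumably rejected by
        # the API - confirm. SkipFinalBackup means the data is gone for good.
        if fs.get('FileSystemType') == 'WINDOWS':
            delete_args['WindowsConfiguration'] = {'SkipFinalBackup': True}
        fsx_client.delete_file_system(**delete_args)

    # --- IAM (global, not per region) --------------------------------------
    iam_client = session.client('iam')
    # The match is a bare name prefix: any role named "fsx..." is removed,
    # whoever created it.
    fsx_role_names = [
        role['RoleName']
        for page in iam_client.get_paginator('list_roles').paginate()
        for role in page['Roles']
        if role['RoleName'].startswith('fsx')
    ]
    for role_name in fsx_role_names:
        print(f"{tag}Deleting role {role_name}")
        if dry_run:
            continue
        profile_pages = iam_client.get_paginator(
            'list_instance_profiles_for_role'
        ).paginate(RoleName=role_name)
        profile_names = [
            profile['InstanceProfileName']
            for page in profile_pages
            for profile in page['InstanceProfiles']
        ]
        for profile_name in profile_names:
            iam_client.remove_role_from_instance_profile(
                RoleName=role_name, InstanceProfileName=profile_name
            )
        # IAM refuses to delete a role that still has policies attached; such
        # a role raises here and stops the run.
        iam_client.delete_role(RoleName=role_name)

    # --- Directory Service -------------------------------------------------
    ds_client = session.client('ds', region_name=region)
    directories = []
    request = {}
    while True:
        page = ds_client.describe_directories(**request)
        directories.extend(page['DirectoryDescriptions'])
        next_token = page.get('NextToken')
        if not next_token:
            break
        request = {'NextToken': next_token}
    for directory in directories:
        print(f"{tag}Deleting directory {directory['DirectoryId']} {directory['Name']}")
        if not dry_run:
            ds_client.delete_directory(DirectoryId=directory['DirectoryId'])


def main(arguments):
    """Run clean_account for every account in the CSV and every region.

    Args:
        arguments: Command-line arguments without the program name. With no
            arguments the script behaves as before: it reads ``accounts.csv``
            (column ``AccountId``), sweeps DEFAULT_REGIONS and deletes.

    Returns:
        0 when every account was processed.
    """
    parser = argparse.ArgumentParser(
        description="Delete EC2 instances, FSx file systems, fsx* IAM roles "
                    "and directories in the listed AWS accounts."
    )
    parser.add_argument(
        '--accounts-file', default='accounts.csv',
        help="CSV file with an AccountId column (default: accounts.csv)",
    )
    parser.add_argument(
        '--region', action='append', dest='regions', metavar='REGION',
        help="region to sweep; repeat for several (default: the built-in list)",
    )
    parser.add_argument(
        '--dry-run', action='store_true',
        help="list what would be deleted without deleting anything",
    )
    options = parser.parse_args(arguments)
    regions = options.regions or list(DEFAULT_REGIONS)

    accounts = pandas.read_csv(options.accounts_file)
    for account in accounts.AccountId:
        print(f"AWS Account: {account:012d}")
        # The IAM part of clean_account is global, so it repeats per region;
        # after the first pass there is nothing left for it to delete.
        for region in regions:
            clean_account(account, region, dry_run=options.dry_run)
        print("")
    return 0


if __name__ == '__main__':
    sys.exit(main(sys.argv[1:]))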