Config¶

The configuration is the user supplied configuration that is used to drive the nuke process. The configuration is a YAML file that is loaded from the path specified by the --config flag.

Sections¶

The configuration is broken down into the following sections:

blocklist
regions
accounts
- presets
- filters
- resource-types
  - includes
  - excludes
  - cloud-control
  - targets (deprecated, use includes)
resource-types
- includes
- excludes
- cloud-control
- targets (deprecated, use includes)
feature-flags (deprecated, use settings instead)
settings
presets

Simple Example¶

blocklist:
  - bootstrap-12345

regions:
  - global
  - us-central1

accounts:
  playground-12345:
    filters:
      IAMRole:
        - "admin"

resource-types:
  includes:
    - IAMRole

settings:
  CloudSQLInstance:
    DisableDeletionProtection: true

Blocklist¶

The blocklist is simply a list of Accounts that the tool cannot run against. This is to protect the user from accidentally running the tool against the wrong account. The blocklist must always be populated with at least one entry.

Regions¶

The regions is a list of GCP regions that the tool will run against. The tool will run against all regions specified in the configuration. If no regions are listed, then the tool will NOT run against any region. Regions must be explicitly provided.

All Regions¶

You may specify the special region all to run against all enabled regions. This will run against all regions that are enabled in the account. It will not run against regions that are disabled. It will also automatically include the special region global which is for specific global resources.

Important

The use of all will ignore all other regions specified in the configuration. It will only run against regions that are enabled in the account.

Projects¶

Important

Projects uses the accounts key in the configuration. This is due to the commonality of libnuke between tools.

The accounts section is a map of GCP Project IDs to their configuration. The ID is the key and the value is the configuration for that project.

The configuration for each project is broken down into the following sections:

presets
filters
resource-types
- includes
- excludes

Presets¶

Presets under an account entry is a list of strings that must map to a globally defined preset in the configuration.

Filters¶

Filters is a map of filters against resource types. To learn more about filters, see the Filtering

Note: filters can be defined at the account level and at the preset level.

Resource Types¶

Resource types is a map of resource types to their configuration. The resource type is the key and the value is the configuration for that resource type.

The configuration for each resource type is broken down into the following sections:

includes
excludes

Includes¶

Includes are a list of resource types the tool will run against. If no includes are specified, then the tool will run against all resource types.

Excludes¶

Excludes are a list of resource types the tool will not run against. If no excludes are specified, then the tool will run against all resource types unless Includes is specified.

Settings¶

Settings are a map of resource types to their settings configuration. This allows for alternative behavior when removing resources. If a resource has a setting alternative, and you'd like to use its behavior, then you can specify the resource type in the settings section.

Global Presets¶

To read more on global presets, see the Presets documentation.