
Show HN: Cloud Nuke - Safely delete AWS resources in 3 clicks - nthacker
https://cloudnuke.io
======
sashokbg
You have to be completely nuts to put your secret keys in a site on the web.

~~~
nthacker
From the FAQs

Q: Do you store the keys? A: No, each Nuke is an ephemeral sandboxed process
and we don't store any keys.

~~~
kevsim
Not sure that's gonna be enough assurance, my friend

------
SSmiley
Here is the CLI you can run yourself
[https://github.com/gruntwork-io/cloud-nuke](https://github.com/gruntwork-io/cloud-nuke)

~~~
nthacker
Thanks for linking this

------
dukha
Open source CLI to do the same for free without passing AWS keys to third-party:
[https://github.com/rebuy-de/aws-nuke](https://github.com/rebuy-de/aws-nuke)

~~~
nthacker
Thanks for linking this

------
nthacker
I launched Cloud Nuke to make it easy to safely delete AWS resources in 3
clicks!

I've found that deleting idle & underutilized cloud resources is the quickest
win to reduce spending on cloud bills. Additionally the workflow of deleting
cloud resources often exists in Engineering teams but it is not well thought
out and a single member scrambles to determine what needs to be deleted.

Building on clouds is getting easier, and conversely harder to delete since
resources often depend on each other.

~~~
iKlsR
I don't think anyone is going to just throw keys in this willy nilly. Perhaps
put up some instructions on how to make a one off user with the bare needed
access that can be revoked after or something. Still a stretch tho.

~~~
nthacker
Great suggestion, thanks!

------
kevsim
It's a few years since I've used AWS, but is deleting stuff that hard? I seem
to remember it was a matter of deleting a cloud formation stack and maybe
cleaning up a few things that you'd explicitly ask to be preserved (usually
storage things like S3 buckets and DBs).

~~~
nthacker
It's definitely not point-and-click. My thesis (and experience) is that it has
gotten harder

Building & Deploying on clouds has gotten easier, and many dev environments
have idle, underutilized resources that are paid for.

------
rathel
> Q: Do you store my card?

> A: No payments are processed directly by Stripe and we don't store your card
> details

"Let's eat grandma".

~~~
nthacker
I don't follow...?

~~~
hcazz
The parent post above is referencing an online meme that pokes fun at a lack
of punctuation[0].

In the Q/A section quoted, the lack of punctuation can be read as:

> Q: Do you store my card?

> A: No payments are processed directly by Stripe, and we don't store your
> card details

Which implies that Stripe is not processing the payments, with the note that
the card details are not stored.

This could be rewritten as:

> Q: Do you store my card?

> A: We do not store your credit card information. Payments are processed
> directly by Stripe, and we don't store your card details.

[0] [https://i.imgur.com/gbJVPk3.png](https://i.imgur.com/gbJVPk3.png)

~~~
nthacker
gotcha, thanks makes sense now.

> Q: Do you store my card?

> A: We do not store your credit card information. Payments are processed
> directly by Stripe, and we don't store your card details.

That's exactly what we mean

~~~
nthacker
Updated the FAQs. Thanks for pointing this out

------
nthacker
Thanks for all the feedback HN, I do agree the service is a risky tool so
right now I've stubbed it out, effectively disabling its use while I figure
out how to address the comments here

------
miked85
You would have to be crazy to utilize this tool.

~~~
nthacker
I do think deleting cloud resources is a valid use case in many Eng teams and
directly correlates to a lower cloud bill. Engineers are frequently building
POCs, test machines or just deploying quickly to have idle/underutilized
resources lying around

~~~
miked85
Cloud Custodian [1] is a good option for this.

[1] [https://cloudcustodian.io/](https://cloudcustodian.io/)

~~~
nthacker
Love this tool too, thanks for linking it in

------
ezekg
The overuse of emojis kills all of your credibility and makes you seem like a
child playing with my secret keys.

~~~
nthacker
Ok, thanks for that feedback. It's currently disabled while I figure out next
steps

------
boston_sre87
kind of terrifying.. wonder how long until a script kiddy finds some
access/secret keys in github or somewhere else and kills a company.

~~~
arkadiyt
They could do the same by using the access keys directly - using this service
is strictly better since it would identify the attacker by their Stripe
payment method.

~~~
boston_sre87
Yea, agreed.. they definitely could assuming someone does something stupid and
exposes keys with access to everything. But this removes the barrier of
needing to have a tiny bit of technical knowledge to do it. I think a pastebin
post with the cloudnuke url, keys, and a stolen credit card would look pretty
appetizing for bored people. I'm not saying this shouldn't exist exactly..
maybe some kind of additional identity verification would make it less scary
tho.

~~~
wrboyce
The same pastebin could exist today by simply providing a script alongside the
access keys, I don't see how this paid-for service changes anything aside from
adding an extra hurdle.

