exclude network-firewall* things as they cause a null pointer exception

inventory/inspect.ew.tf

@@ -10,7 +10,7 @@ resource "null_resource" "inspect_east-1" {
   }
 
   provisioner "local-exec" {
-    command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+    command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
     environment = {
       DISABLE_TELEMETRY = true
       AWS_PROFILE       = var.profile
@@ -28,7 +28,7 @@ resource "null_resource" "inspect_east-2" {
   }
 
   provisioner "local-exec" {
-    command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+    command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
     environment = {
       DISABLE_TELEMETRY = true
       AWS_PROFILE       = var.profile
@@ -46,7 +46,7 @@ resource "null_resource" "inspect_west-1" {
   }
 
   provisioner "local-exec" {
-    command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+    command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
     environment = {
       DISABLE_TELEMETRY = true
       AWS_PROFILE       = var.profile
@@ -64,7 +64,7 @@ resource "null_resource" "inspect_west-2" {
   }
 
   provisioner "local-exec" {
-    command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+    command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
     environment = {
       DISABLE_TELEMETRY = true
       AWS_PROFILE       = var.profile

inventory/inspect.gov.tf

@@ -10,7 +10,7 @@ resource "null_resource" "inspect_east" {
   }
 
   provisioner "local-exec" {
-    command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${local.timestamp}.log 2>&1"
+    command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${local.timestamp}.log 2>&1"
     environment = {
       DISABLE_TELEMETRY = true
       AWS_PROFILE       = var.profile
@@ -28,7 +28,7 @@ resource "null_resource" "inspect_west" {
   }
 
   provisioner "local-exec" {
-    command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+    command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
     environment = {
       DISABLE_TELEMETRY = true
       AWS_PROFILE       = var.profile

inventory/inspect.tf

@@ -5,6 +5,14 @@ locals {
   timestamp = try((provider::time::rfc3339_parse(time_static.inspect.rfc3339)).unix, time_static.inspect.rfc3339)
 }
 
+locals {
+  cloudnuke_excludes = [
+    "network-firewall-rule-group",
+    "network-firewall-resource-policy"
+  ]
+  cloudnuke_exclude_cli = join(" ", formatlist(" -exclude-resource-type %v", local.cloudnuke_excludes))
+}
+
 resource "time_static" "inspect" {}
 
 resource "null_resource" "setup_directory" {