diff --git a/inventory/inspect.ew.tf b/inventory/inspect.ew.tf
index 1a30bda..4e70510 100644
--- a/inventory/inspect.ew.tf
+++ b/inventory/inspect.ew.tf
@@ -10,7 +10,7 @@ resource "null_resource" "inspect_east-1" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
@@ -28,7 +28,7 @@ resource "null_resource" "inspect_east-2" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
@@ -46,7 +46,7 @@ resource "null_resource" "inspect_west-1" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
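Review bot: In `inspect_east-1`'s `command`, the new `${local.cloudnuke_exclude_cli}` is the only interpolation that does not come from `self.triggers`, so editing the exclusion list would not re-create the `null_resource` and the inspect would not re-run with the new arguments. If a re-run is wanted, add a trigger such as `excludes = local.cloudnuke_exclude_cli` and reference `${self.triggers.excludes}` in the command. The same applies to the `inspect_east-2`, `inspect_west-1` and `inspect_west-2` hunks in this file and to both hunks in `inspect.gov.tf`. The `triggers` blocks sit outside these hunks, so this is inferred from the visible references only.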
@@ -64,7 +64,7 @@ resource "null_resource" "inspect_west-2" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
diff --git a/inventory/inspect.gov.tf b/inventory/inspect.gov.tf
index 3356319..482106b 100644
--- a/inventory/inspect.gov.tf
+++ b/inventory/inspect.gov.tf
@@ -10,7 +10,7 @@ resource "null_resource" "inspect_east" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${local.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${local.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
@@ -28,7 +28,7 @@ resource "null_resource" "inspect_west" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
diff --git a/inventory/inspect.tf b/inventory/inspect.tf
index 677081f..26e56da 100644
--- a/inventory/inspect.tf
+++ b/inventory/inspect.tf
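Review bot: In `inspect_east` of `inspect.gov.tf` the log file name still uses `${local.timestamp}`, while `inspect_west` in the same file and every resource in `inspect.ew.tf` use `${self.triggers.timestamp}`. Since this line is being rewritten anyway, consider `cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log` so that all regional logs from one run take their name from the same source. This assumes `inspect_east` defines a `timestamp` trigger, which is outside the hunk.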
@@ -5,6 +5,14 @@ locals {
 timestamp = try((provider::time::rfc3339_parse(time_static.inspect.rfc3339)).unix, time_static.inspect.rfc3339)
 }
+locals {
+ cloudnuke_excludes = [
+ "network-firewall-rule-group",
+ "network-firewall-resource-policy"
+ ]
+ cloudnuke_exclude_cli = join(" ", formatlist(" -exclude-resource-type %v", local.cloudnuke_excludes))
+}
+
 resource "time_static" "inspect" {}
 resource "null_resource" "setup_directory" {
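Review bot: The new `cloudnuke_excludes` list has no comment saying why `network-firewall-rule-group` and `network-firewall-resource-policy` are dropped, and once excluded those resources never appear in the inventory logs, a gap that readers of the logs cannot see from the output. Add a comment above the list, e.g. `# Excluded from inspect-aws because <reason>; these types are NOT covered by the inventory logs.` Separately, the format string `" -exclude-resource-type %v"` uses a single dash and a leading space that `join(" ", ...)` then doubles; cloud-nuke documents the flag as `--exclude-resource-type`, so `formatlist("--exclude-resource-type %v", local.cloudnuke_excludes)` would match the documented form and keep the command line tidy. The list is hard-coded, which is what keeps its unquoted interpolation into the `local-exec` shell string safe; if it ever becomes a variable, validate the values first.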