From 212b7f836e83e2859d2fdb474877c15d871d55ea Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 24 Mar 2025 13:06:33 -0400
Subject: [PATCH] exclude network-firewall* things as they cause a null pointer exception
---
 inventory/inspect.ew.tf | 8 ++++----
 inventory/inspect.gov.tf | 4 ++--
 inventory/inspect.tf | 8 ++++++++
 3 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/inventory/inspect.ew.tf b/inventory/inspect.ew.tf
index 1a30bda..4e70510 100644
--- a/inventory/inspect.ew.tf
+++ b/inventory/inspect.ew.tf
@@ -10,7 +10,7 @@ resource "null_resource" "inspect_east-1" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
@@ -28,7 +28,7 @@ resource "null_resource" "inspect_east-2" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
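Review bot: The `command` string in `inspect_east-1` is now the same text in six `null_resource` blocks (the four in this file and the two in inspect.gov.tf), so the exclude list had to be spliced in six times and a later flag change can easily miss one. Consider holding the command once as a format template in `locals` and calling it from each provisioner, e.g. `command = format(local.inspect_cmd, self.triggers.region, self.triggers.directory, self.triggers.region, self.triggers.timestamp)`. The interpolated values also reach the shell unquoted; where `triggers.directory` comes from is not visible here, so if it can be caller-supplied the redirect target should be quoted. The resource bodies start and end outside these hunks.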
@@ -46,7 +46,7 @@ resource "null_resource" "inspect_west-1" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
@@ -64,7 +64,7 @@ resource "null_resource" "inspect_west-2" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
diff --git a/inventory/inspect.gov.tf b/inventory/inspect.gov.tf
index 3356319..482106b 100644
--- a/inventory/inspect.gov.tf
+++ b/inventory/inspect.gov.tf
@@ -10,7 +10,7 @@ resource "null_resource" "inspect_east" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${local.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${local.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
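Review bot: `inspect_east` in inspect.gov.tf still names its log with `${local.timestamp}`, while `inspect_west` in the same file and all four blocks in inspect.ew.tf use `${self.triggers.timestamp}`. If the trigger is filled from the same local the file names agree, but that assignment is outside the hunk and cannot be confirmed here. Using `${self.triggers.timestamp}` on this line as well keeps the log name tied to the value that triggered the run and makes the six commands identical.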
@@ -28,7 +28,7 @@ resource "null_resource" "inspect_west" {
 }
 provisioner "local-exec" {
- command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
+ command = "cloud-nuke inspect-aws --region ${self.triggers.region} ${local.cloudnuke_exclude_cli} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1"
 environment = {
 DISABLE_TELEMETRY = true
 AWS_PROFILE = var.profile
diff --git a/inventory/inspect.tf b/inventory/inspect.tf
index 677081f..26e56da 100644
--- a/inventory/inspect.tf
+++ b/inventory/inspect.tf
@@ -5,6 +5,14 @@ locals {
 timestamp = try((provider::time::rfc3339_parse(time_static.inspect.rfc3339)).unix, time_static.inspect.rfc3339)
 }
+locals {
+ cloudnuke_excludes = [
+ "network-firewall-rule-group",
+ "network-firewall-resource-policy"
+ ]
+ cloudnuke_exclude_cli = join(" ", formatlist(" -exclude-resource-type %v", local.cloudnuke_excludes))
+}
+
 resource "time_static" "inspect" {}
 resource "null_resource" "setup_directory" {
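Review bot: Nothing in the new `locals` block records why these two types are skipped, and the inventory log will not show that Network Firewall rule groups and resource policies were never inspected, so their absence can be read as "none exist". Add a comment above `cloudnuke_excludes` such as `# cloud-nuke inspect-aws hits a nil pointer on these types; NOT covered by this inventory, remove once fixed upstream`. The format string `" -exclude-resource-type %v"` uses a single dash and a leading space while the rest of the command uses `--region`; `formatlist("--exclude-resource-type %v", local.cloudnuke_excludes)` gives the documented spelling and avoids doubled spaces after the `join`. Because the result is spliced into a shell command line, keep the list a hard-coded local, or validate entries if it ever becomes a variable.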