aws-default-cleaner is a command line tool to delete default AWS account resources:
- VPCs
- Subnets
- Internet Gateways
- Route Tables
- Network ACLs
- Security Groups
Install the package using the pip package manager:
pip install aws-default-cleaner
Currently this tool supports two operations: discover and delete.
- discover command searches for default VPCs and other resources in the AWS account and outputs their ids (no objects are deleted)
- delete command tries to delete default VPCs and associated Subnets, Internet Gateways, Route Tables, Network ACLs and Security Groups
Example:
aws-default-cleaner discover
aws-default-cleaner delete
When you use a multi-account setup with a central IAM account and specific roles in spoke accounts, you can force aws-default-cleaner to assume a role before performing any operations. Simply supply one or more --assume or -a flags with the corresponding role names.
Example:
aws-default-cleaner discover -a arn:aws:iam::account-one-id:role/infra-admin-assumerole -a arn:aws:iam::account-two-id:role/infra-admin-assumerole
aws-default-cleaner delete -a arn:aws:iam::XXXXXXXXXXXX:role/infra-admin-assumerole
By default aws-default-cleaner will search for the default resources in all available regions, but you can override this behavior by supplying --region or -r flags.
Example:
aws-default-cleaner discover -r eu-central-1 -r eu-west-3
aws-default-cleaner delete -r eu-central-1 -r eu-west-3
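
To review what a discover run should report before running delete, the same read-only inventory can be built with boto3's EC2 describe calls. This is an added example, not aws-default-cleaner's own code; the function name, the stub client and the sample ids are constructed for illustration, and pagination is left out on the assumption that a default VPC holds only a few resources.

```python
# Added example, not aws-default-cleaner's code. `ec2` is assumed to be a boto3 EC2
# client, e.g. boto3.client("ec2", region_name="eu-central-1"); only describe_* is called.

# (response key, id field, client method, filter name) for each dependent resource type
RESOURCE_QUERIES = [
    ("Subnets", "SubnetId", "describe_subnets", "vpc-id"),
    ("InternetGateways", "InternetGatewayId", "describe_internet_gateways", "attachment.vpc-id"),
    ("RouteTables", "RouteTableId", "describe_route_tables", "vpc-id"),
    ("NetworkAcls", "NetworkAclId", "describe_network_acls", "vpc-id"),
    ("SecurityGroups", "GroupId", "describe_security_groups", "vpc-id"),
]

def discover_default_resources(ec2):
    """Return {default VPC id: {resource type: [ids]}} without modifying anything."""
    found = {}
    vpcs = ec2.describe_vpcs(Filters=[{"Name": "is-default", "Values": ["true"]}])
    for vpc in vpcs["Vpcs"]:
        by_type = found.setdefault(vpc["VpcId"], {})
        for key, id_field, method, filter_name in RESOURCE_QUERIES:
            query = [{"Name": filter_name, "Values": [vpc["VpcId"]]}]
            by_type[key] = [r[id_field] for r in getattr(ec2, method)(Filters=query)[key]]
    return found

# Constructed inventory: one default VPC and one custom VPC that must be ignored.
SAMPLE_INVENTORY = {
    "Vpcs": [{"VpcId": "vpc-0default", "IsDefault": True},
             {"VpcId": "vpc-0custom", "IsDefault": False}],
    "Subnets": [{"SubnetId": "subnet-0a", "VpcId": "vpc-0default"},
                {"SubnetId": "subnet-0c", "VpcId": "vpc-0custom"}],
    "InternetGateways": [{"InternetGatewayId": "igw-0a",
                          "Attachments": [{"VpcId": "vpc-0default"}]}],
    "RouteTables": [{"RouteTableId": "rtb-0a", "VpcId": "vpc-0default"}],
    "NetworkAcls": [{"NetworkAclId": "acl-0a", "VpcId": "vpc-0default"}],
    "SecurityGroups": [{"GroupId": "sg-0default", "VpcId": "vpc-0default"}],
}

class StubEC2:
    """Offline stand-in for the boto3 client, answering from SAMPLE_INVENTORY."""
    def describe_vpcs(self, Filters):
        return {"Vpcs": [v for v in SAMPLE_INVENTORY["Vpcs"] if v["IsDefault"]]}
    def __getattr__(self, method):
        keys = {q[2]: q[0] for q in RESOURCE_QUERIES}
        if method not in keys:
            raise AttributeError(method)
        def describe(Filters):
            vpc = Filters[0]["Values"][0]
            owners = lambda r: [r.get("VpcId")] + [a["VpcId"] for a in r.get("Attachments", [])]
            return {keys[method]: [r for r in SAMPLE_INVENTORY[keys[method]] if vpc in owners(r)]}
        return describe
```

Calling discover_default_resources(StubEC2()) runs the example offline; passing a real boto3 EC2 client for one region gives an inventory to compare against the tool's discover output.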