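#!/bin/sh
# Container entrypoint: fetch the aws-nuke config template from S3, stamp the
# target account id into it, assume a role in that account and run aws-nuke
# with --no-dry-run --force, i.e. this DESTROYS every resource the config does
# not filter. Required environment:
#   CONF_BUCKET           S3 bucket holding awsnuke-config-template.yaml
#   ACCOUNT_TO_NUKE       12-digit account id substituted for ||ACCOUNT|| in the template
#   NUKE_ROLE_TO_ASSUME   name of the role (in ACCOUNT_TO_NUKE) to assume
#   NUKE_ROLE_EXTERNALID  external id required by that role's trust policy
# Exits non-zero if any step fails, including the nuke itself.
set -eu

AWSNUKE_BIN=/usr/local/bin/aws-nuke
AWSNUKE_CONFIG_TEMPLATE=awsnuke-config-template.yaml
AWSNUKE_CONFIG=awsnuke-config.yaml

# Fail fast on missing inputs instead of assuming a role in account "" or
# running sed with an empty replacement.
: "${CONF_BUCKET:?CONF_BUCKET must be set}"
: "${ACCOUNT_TO_NUKE:?ACCOUNT_TO_NUKE must be set}"
: "${NUKE_ROLE_TO_ASSUME:?NUKE_ROLE_TO_ASSUME must be set}"
: "${NUKE_ROLE_EXTERNALID:?NUKE_ROLE_EXTERNALID must be set}"

# ACCOUNT_TO_NUKE is interpolated into a sed expression and an IAM role ARN;
# restricting it to exactly 12 digits blocks sed metacharacters and typos
# before anything destructive happens.
if ! printf '%s\n' "${ACCOUNT_TO_NUKE}" | grep -Eq '^[0-9]{12}$'; then
  echo "ACCOUNT_TO_NUKE must be a 12-digit AWS account id, got '${ACCOUNT_TO_NUKE}'" >&2
  exit 1
fi

ID=$(id)
echo "User : ${ID}"
NUKE_VERSION=$("${AWSNUKE_BIN}" version)
echo "aws-nuke version : ${NUKE_VERSION}"

echo "Retrieve nuke template file from s3://${CONF_BUCKET}/${AWSNUKE_CONFIG_TEMPLATE}"
aws s3 cp "s3://${CONF_BUCKET}/${AWSNUKE_CONFIG_TEMPLATE}" .

echo "Set account to nuke ${ACCOUNT_TO_NUKE} in ${AWSNUKE_CONFIG_TEMPLATE}"
sed "s/||ACCOUNT||/${ACCOUNT_TO_NUKE}/g" "${AWSNUKE_CONFIG_TEMPLATE}" > "${AWSNUKE_CONFIG}"

echo "Assume role ${NUKE_ROLE_TO_ASSUME} role on ${ACCOUNT_TO_NUKE}"
# The STS response is kept in memory rather than in a fixed, world-readable
# /tmp/assume-role.json that previously outlived the script holding live
# credentials.
# NOTE(review): --external-id is still visible in the process list while the
# CLI runs; --cli-input-json file://... would avoid that if it matters here.
ASSUME_ROLE_JSON=$(aws sts assume-role \
  --role-arn "arn:aws:iam::${ACCOUNT_TO_NUKE}:role/${NUKE_ROLE_TO_ASSUME}" \
  --role-session-name assumeRoleForNuke \
  --external-id "${NUKE_ROLE_EXTERNALID}")

# Print one Credentials.<field> value from the STS response, or fail.
# Arguments: $1 - JSON field name, $2 - variable name used in the error message.
# jq -r prints the literal "null" for a missing key, which an empty-string test
# alone would let through, so that is treated as missing too.
cred_field() {
  _v=$(printf '%s\n' "${ASSUME_ROLE_JSON}" | jq -r ".Credentials.$1")
  if [ -z "${_v}" ] || [ "${_v}" = "null" ]; then
    echo "$2 not set !" >&2
    return 1
  fi
  printf '%s\n' "${_v}"
}

AWS_SECRET_ACCESS_KEY=$(cred_field SecretAccessKey AWS_SECRET_ACCESS_KEY) || exit 1
AWS_ACCESS_KEY_ID=$(cred_field AccessKeyId AWS_ACCESS_KEY_ID) || exit 1
AWS_SESSION_TOKEN=$(cred_field SessionToken AWS_SESSION_TOKEN) || exit 1
export AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID AWS_SESSION_TOKEN

echo "Start nuking ${ACCOUNT_TO_NUKE}"
# NOTE(review): passing the session credentials as flags exposes them through
# /proc/<pid>/cmdline to anything sharing the PID namespace. They are also
# exported above; if the pinned aws-nuke resolves the default SDK credential
# chain, these three flags can be dropped -- confirm before removing them.
rc=0
"${AWSNUKE_BIN}" --config "${AWSNUKE_CONFIG}" \
  --session-token "${AWS_SESSION_TOKEN}" \
  --access-key-id "${AWS_ACCESS_KEY_ID}" \
  --secret-access-key "${AWS_SECRET_ACCESS_KEY}" \
  --no-dry-run \
  --force || rc=$?
if [ "${rc}" -eq 0 ]; then
  echo "Nuke on ${ACCOUNT_TO_NUKE} successed"
else
  echo "Nuke on ${ACCOUNT_TO_NUKE} failed" >&2
fi
# Propagate aws-nuke's status: the script used to exit 0 after "failed", so a
# broken run looked successful to whatever scheduled this container.
exit "${rc}"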