Description
There are 3 inaccuracies in the README that could be improved.
IAM Instance Profile
This appears to be supported:
https://github.com/gruntwork-io/cloud-nuke/blob/master/aws/resources/iam_instance_profile.go
But it is missing from the "What's supported?" table:
https://github.com/gruntwork-io/cloud-nuke/tree/master?tab=readme-ov-file#whats-supported
GovCloud Global Region
In order to successfully run cloud-nuke against a GovCloud account, I need to set an additional environment variable "CLOUD_NUKE_AWS_GLOBAL_REGION":
https://github.com/gruntwork-io/cloud-nuke/blob/master/aws/region.go#L55
This doesn't appear to be required when running against AWS Commercial accounts. The code appears to ignore the "DEFAULT_AWS_REGION" environment variable that normally gets set when I use something like the official Github Action to configure AWS Credentials.
Nothing in the README explains "CLOUD_NUKE_AWS_GLOBAL_REGION". If it is required, a small footnote might help. However, it might be more ideal to simply massage the code to make use of "DEFAULT_AWS_REGION" instead.
If this is not included, cloud-nuke throws a non-terminating error when searching for Global resources like IAM users with a very generic "the security token included in the request is invalid".
Multiple Tags
The tag filter section doesn't mention the usage of multiple tags:
https://github.com/gruntwork-io/cloud-nuke/tree/master?tab=readme-ov-file#tag-filter
Multiple tags are indeed supported:
https://github.com/gruntwork-io/cloud-nuke/blob/master/config/config.go#L281-L288
These are the examples:
s3:
exclude:
tag: 'foo' # exclude if tag foo exists with value of 'true'
s3:
exclude:
tag: 'foo'
tag_value: 'dev-.*'
The second example is something that, according to the code comments, is deprecated. If the latter is to be deprecated, perhaps you can consolidate the example to only provide "tags" as a map?
EC2:
exclude:
tags:
Schedule: "^schedule-.*"
Environment: "^Prod$"
^^^Above ignores a "Scheduled" tag I apply to all instances to be managed with "AWS Instance Scheduler" with a regex that matches my defined schedule values like "schedule-et-office-hours". Also ignores "Environment" tag that matches "Prod". From when I poked around with it, it appears to exclude from cloud-nuke if it has one tag OR the other.
I haven't yet verified this, but multiple values for a single tag might also be possible:
EC2:
exclude:
tags:
Environment: "^Prod$|^Dev$"