rebuy-de/aws-nuke

aws-nuke is a command-line tool written in Go that deletes every resource inside an Amazon Web Services account. If you have a cloud account filled with servers, databases, storage buckets, user accounts, and networking pieces, aws-nuke scans all of them and removes them. The intended audience is developers and platform teams who spin up test or staging accounts and need a clean slate when they are done. The tool is built around several safety layers because deleting an entire AWS account's contents is not reversible. By default it only lists what it would delete and requires a --no-dry-run flag before touching anything real. It then asks you twice to type the account's alias to confirm. It will refuse to run if the alias contains the word "prod", and it requires you to maintain a blocklist of account IDs that should never be nuked. You also provide a config file that explicitly names each account you want to process, which prevents accidents from running it against the wrong account. The config file lets you add filters to protect specific resources you want to keep. In the examples, an administrator IAM user and its attached permissions are filtered out so the cleanup process skips them while deleting everything else. You can run aws-nuke as a binary on Linux, macOS, or Windows, or pull it as a container image from Docker Hub or Quay.io. Common use cases in the README include cleaning up accounts where automated infrastructure scripts have left behind partial or failed setups, and giving individual developers personal accounts they can wipe at the end of the day to keep costs down. This repository is no longer maintained by its original authors at rebuy-de. The README directs new users to a community-maintained fork at ekristen/aws-nuke, which continues to receive updates. The original project remains available for reference but will not receive further releases or bug fixes.