Introduction

aws-default-cleaner is a command line tool to delete default AWS account resources:

• VPCs
• Subnets
• Internet Gateways
• Route Tables
• Network ACLs
• Security Groups

Installation

Install package using pip package-manager

pip install aws-default-cleaner

Usage

Basic usage

Currently this tool supports two operations: discover and delete.

• discover command searches for default VPCs and other resources in the AWS account and outputs ids (no objects deleted)
• delete command tries to delete default VPCs and associated Subnets, Internet Gateways, Route Tables, Network ACLs and Security Groups

Example:

aws-default-cleaner discover
aws-default-cleaner delete

Assuming role

When you use multi-account setup with central IAM account and specific roles in spoke accounts, you can force aws-default-cleaner to assume role before performing any operations. Simply supply one or more --assume or -a flags with the corresponding role names.

Example:

aws-default-cleaner discover -a arn:aws:iam::account-one-id:role/infra-admin-assumerole -a arn:aws:iam::account-two-id:role/infra-admin-assumerole
aws-default-cleaner delete -a arn:aws:iam::XXXXXXXXXXXX:role/infra-admin-assumerole

Region filtering

By default aws-default-cleaner will search for the default resources in the all available regions, but you can override this behavior by supplying --region or -r flags.

Example:

aws-default-cleaner discover -r eu-central-1 -r eu-west-3
aws-default-cleaner delete -r eu-central-1 -r eu-west-3