jsamuel1 · March 5, 2021 04:58 · Mar 5, 2021 · Mar 4, 2021
diff --git a/nuke_ec2_fsx.py b/nuke_ec2_fsx.py
@@ -1,5 +1,5 @@
 #!/usr/bin/env python
-  
+
 from __future__ import print_function
 import boto3
 import botocore
@@ -13,14 +13,14 @@ def clean_account(
         ):
 
     sts_client = boto3.client('sts')
-
+    
     # Call the assume_role method of the STSConnection object and pass the role
     # ARN and a role session name.
     assumed_role_object=sts_client.assume_role(
             RoleArn=f"arn:aws:iam::{account_id:012d}:role/OrganizationAccountAccessRole",
         RoleSessionName="AssumeRoleSession1"
     )
-
+    
     # From the response that contains the assumed role, get the temporary 
     # credentials that can be used to make subsequent API calls
     credentials=assumed_role_object['Credentials']
@@ -34,27 +34,44 @@ def clean_account(
             print(f"EC2: Region: {region} ID: {instance['InstanceId']} Type: {instance['InstanceType']} LaunchType: {instance['LaunchTime']} State: {instance['State']['Name']}")
             instanceIds.append(instance['InstanceId'])
         ec2_client.terminate_instances(InstanceIds=instanceIds)
-
+    
     fsx_client = boto3.client('fsx', aws_access_key_id=credentials['AccessKeyId'], aws_secret_access_key=credentials['SecretAccessKey'], aws_session_token=credentials['SessionToken'], region_name=region)
-
+    
     filesystems = fsx_client.describe_file_systems()
     for fs in filesystems['FileSystems']:
         print(f"Region: {region} Filesystem: {fs['FileSystemId']} ")
         response = fsx_client.delete_file_system(FileSystemId=fs['FileSystemId'], WindowsConfiguration={'SkipFinalBackup': True})
 
+    iam_client = boto3.client('iam', aws_access_key_id=credentials['AccessKeyId'], aws_secret_access_key=credentials['SecretAccessKey'], aws_session_token=credentials['SessionToken'])
+    roles = iam_client.list_roles()
+    for role in roles['Roles']:
+        if role['RoleName'].startswith('fsx'):
+            print(f"Deleting role {role['RoleName']}")
+            instance_profiles = iam_client.list_instance_profiles_for_role(RoleName=role['RoleName'])
+            for ip in instance_profiles['InstanceProfiles']:
+                iam_client.remove_role_from_instance_profile(RoleName=role['RoleName'],InstanceProfileName=ip['InstanceProfileName'])
 
+            iam_client.delete_role(RoleName=role['RoleName'])
 
+    ds_client = boto3.client('ds', aws_access_key_id=credentials['AccessKeyId'], aws_secret_access_key=credentials['SecretAccessKey'], aws_session_token=credentials['SessionToken'], region_name=region)
+    directories = ds_client.describe_directories()
+    for ds in directories['DirectoryDescriptions']:
+        print(f"Deleting directory {ds['DirectoryId']} {ds['Name']}")
+        ds_client.delete_directory(DirectoryId=ds['DirectoryId'])
 
 def main(arguments):
-    accounts = pandas.read_csv('accounts.csv', header=0, names=['AccountId', 'Email'])
 
+    accounts = pandas.read_csv('accounts.csv')
+
     for account in accounts.AccountId:
         print(f"AWS Account: {account:012d}")
         clean_account(account, "us-east-1")
+        clean_account(account, "us-east-2")
+        clean_account(account, "us-west-1")
+        clean_account(account, "us-west-2")
         clean_account(account, "ap-southeast-2")
         print("")
 
 
 if __name__ == '__main__':
-    sys.exit(main(sys.argv[1:]))
-~                                                   
+    sys.exit(main(sys.argv[1:]))
diff --git a/nuke_ec2_fsx.py b/nuke_ec2_fsx.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+
+from __future__ import print_function
+import boto3
+import botocore
+import time
+import sys
+import argparse
+import pandas
+
+def clean_account(
+        account_id, region
+        ):
+
+    sts_client = boto3.client('sts')
+
+    # Call the assume_role method of the STSConnection object and pass the role
+    # ARN and a role session name.
+    assumed_role_object=sts_client.assume_role(
+            RoleArn=f"arn:aws:iam::{account_id:012d}:role/OrganizationAccountAccessRole",
+        RoleSessionName="AssumeRoleSession1"
+    )
+
+    # From the response that contains the assumed role, get the temporary 
+    # credentials that can be used to make subsequent API calls
+    credentials=assumed_role_object['Credentials']
+    ec2_client = boto3.client('ec2', aws_access_key_id=credentials['AccessKeyId'], aws_secret_access_key=credentials['SecretAccessKey'], aws_session_token=credentials['SessionToken'], region_name=region)
+    ec2_instances = ec2_client.describe_instances()
+    ec2_reservations = ec2_instances['Reservations']
+    for reservation in ec2_reservations:
+        ec2_instances = reservation['Instances']
+        instanceIds = []
+        for instance in ec2_instances:
+            print(f"EC2: Region: {region} ID: {instance['InstanceId']} Type: {instance['InstanceType']} LaunchType: {instance['LaunchTime']} State: {instance['State']['Name']}")
+            instanceIds.append(instance['InstanceId'])
+        ec2_client.terminate_instances(InstanceIds=instanceIds)
+
+    fsx_client = boto3.client('fsx', aws_access_key_id=credentials['AccessKeyId'], aws_secret_access_key=credentials['SecretAccessKey'], aws_session_token=credentials['SessionToken'], region_name=region)
+
+    filesystems = fsx_client.describe_file_systems()
+    for fs in filesystems['FileSystems']:
+        print(f"Region: {region} Filesystem: {fs['FileSystemId']} ")
+        response = fsx_client.delete_file_system(FileSystemId=fs['FileSystemId'], WindowsConfiguration={'SkipFinalBackup': True})
+
+
+
+
+def main(arguments):
+    accounts = pandas.read_csv('accounts.csv', header=0, names=['AccountId', 'Email'])
+
+    for account in accounts.AccountId:
+        print(f"AWS Account: {account:012d}")
+        clean_account(account, "us-east-1")
+        clean_account(account, "ap-southeast-2")
+        print("")
+
+
+if __name__ == '__main__':
+    sys.exit(main(sys.argv[1:]))
+~