Add SSM Support #141
Add SSM Support #141
Conversation
resources/ssm-associations.go
Outdated
|
|
||
| _, err := f.svc.DeleteAssociation(&ssm.DeleteAssociationInput{ | ||
| AssociationId: f.associationID, | ||
| //InstanceId: f.instanceID, |
There was a problem hiding this comment.
Whoops I was testing something. Let me double check the results but I dont think it was a mandatory flag
resources/ssm-patchbaselines.go
Outdated
| svc: svc, | ||
| ID: baselineIdentity.BaselineId, | ||
| }) | ||
| } else if !strings.Contains(*baselineIdentity.BaselineDescription, "Provided by AWS") { |
There was a problem hiding this comment.
To filter resources I would generally recommend the Filter() function. E.g.:
aws-nuke/resources/iam-role-policy-attachments.go
Lines 53 to 58 in f9a3a63
In this case, I actually think your approach in SSMDocument is really great. It reduces the number of resources returned and let's AWS do the filter work. I tried it briefly with aws ssm describe-patch-baselines --filters="Key=OWNER,Values=Self" and it looks promising. Wdyt?
There was a problem hiding this comment.
I have an issue with Patch Baselines, which I am not sure will be easy to resolve, you can't delete the default. So either we accept that, or we make a ton of conditional coding to find the right AWS provided one which matches the right OS. Thoughts?
Its a bit irrelevant to this, but I wanted to mention it
There was a problem hiding this comment.
Wouldn't filtering by Owner=Self resolve that issue?
|
Moving this to a top level question: I have an issue with Patch Baselines, which I am not sure will be easy to resolve, you can't delete the default. So either we accept that, or we make a ton of conditional coding to find the right AWS provided one which matches the right OS. Thoughts? Its a bit irrelevant to this, but I wanted to mention it |
|
@bethge moving this to Top level, no, it doesnt. You can make your own a default. Then you need to make a non-nuked resource one, it might be a "put a pin in it" issue and see how often it creeps up |
|
I removed the comment after a test to ensure that was proper |
|
Ah ok, I see the problem now. Looking at Terraform's implementation of PatchBaseline, they also do not handle deleting the default PatchBaseline deletion. I would suggest we gracefully handle this case by filtering |
|
@bethge resolved |
No description provided.