Name: reaper
Owner: Mozilla Services
Description: Reaper culls leftover AWS resources
Created: 2015-06-08 21:23:17.0
Updated: 2018-02-14 23:51:58.0
Pushed: 2017-06-02 15:00:45.0
Homepage:
Size: 7828
Language: Go
README
AWS Reaper
About
The Reaper terminates forgotten AWS resources.
Reaper workflow:
- Find all enabled resources, filter them, then fire events based on config
- Event types include sending emails, posting events to Datadog (Statsd), tagging resources on AWS, stopping or killing resources, and more
- Reaper uses the Owner tag on resources to notify the owner of the resource with options to Ignore (for a time), Whitelist, Terminate, or Stop each resource they own
- Report statistics about the resources that were found
- Terminate or Stop abandoned resources after a set amount of time
Caution: this app is experimental because:
- it doesn't have a lot of tests (read: any); they will be added when the SDK is updated
Building
- install glide per https://github.com/Masterminds/glide
- checkout repo
- install dependencies: glide install
- build binary: go build main.go
- run binary: ./reaper -config config/default.toml
- for command line options: ./reaper -help
Command Line Flags
- config: required flag, the path to the Reaper config file. string (no default value)
- dryrun: run Reaper in dryrun (no-op) mode. Events will not be triggered. boolean (default: true)
- withoutCloudformationResources: skip checking for Cloudformation Resource dependencies (throttled by AWS, so it takes ages). boolean (default: false)
Creating a configuration file
Reaper configuration files should be in TOML format. See config/default.toml for an example config.
- Top level options
  - LogFile: the full filepath of the file that logs are written to. (string)
  - WhitelistTag: a string that will be used to tag resources that have been whitelisted. Defaults to REAPER_SPARE_ME. (string)
  - DefaultOwner: all unowned resources will be assigned to this owner. Can be an email address, or can be a username if DefaultEmailHost is specified. (string)
  - DefaultEmailHost: resources that do not have a complete email address as their owner will have this appended. Should be of the form “domain.tld”. Works with DefaultOwner in the following way: DefaultOwner@DefaultEmailHost. (string)
  - EventTag: a tag that is added to all events that support tagging. Should be of the form key1:value1,key2:value2. (string)
- HTTP options (under [HTTP])
  - TokenSecret: the secret key used to secure web requests. (string)
  - ApiURL: used to generate URLs for Reaper's HTTP API. Should be of the form protocol://host:port. (string)
  - Listen: where the HTTP server will listen for requests. Should be of the form host:port. (string)
  - Token: TODO
  - Action: TODO
- Logging (under [Logging])
  - Extras: enables or disables extra logging, such as dry run notifications for EventReporters not triggering. (boolean)
- States (under [States])
  - Interval: the interval between Reaper's scans for resources. The time format must be a duration parsable by Go's time.ParseDuration. See: http://godoc.org/time#ParseDuration. Example: 1h. (string)
  - FirstStateDuration: the length of the first state assigned to resources that match filters. The time format must be a duration parsable by Go's time.ParseDuration. See: http://godoc.org/time#ParseDuration. Example: 1h. (string)
  - SecondStateDuration: the length of the second state assigned to resources that match filters. The time format must be a duration parsable by Go's time.ParseDuration. See: http://godoc.org/time#ParseDuration. Example: 1h. (string)
  - ThirdStateDuration: the length of the third state assigned to resources that match filters. After the Third state elapses, resources move to a permanent final state. The time format must be a duration parsable by Go's time.ParseDuration. See: http://godoc.org/time#ParseDuration. Example: 1h. (string)
- Events (under [Events])
  - Datadog ([Events.Datadog])
    - Enabled: enables or disables the Datadog EventReporter. Note: Datadog statistics and Event depend on this. (boolean)
    - Triggers: states for which Datadog will trigger Reapable Events. Can be any/all/none of first, second, third, final, or ignore. ([]string)
  - Tagger ([Events.Tagger])
    - Enabled: enables or disables the Tagger EventReporter. (boolean)
    - Triggers: states for which Tagger will trigger Reapable Events. Can be any/all/none of first, second, third, final, or ignore. ([]string)
  - Reaper ([Events.Reaper])
    - Enabled: enables or disables the Reaper EventReporter. (boolean)
    - Triggers: states for which Reaper will trigger Reapable Events. Can be any/all/none of first, second, third, final, or ignore. ([]string)
    - Mode: when the Reaper EventReporter is triggered on a Reapable Event, it will Stop or Terminate Reapables per this flag. Note: modes must be capitalized. (string)
  - Email ([Events.Email])
    - Enabled: enables or disables the Email EventReporter. (boolean)
    - Triggers: states for which Email will trigger Reapable Events. Can be any/all/none of first, second, third, final, or ignore. ([]string)
    - Host: the mailserver Reaper will use
    - AuthType: the type of authentication used by the mailserver. Should be one of none, md5 or plain. (string)
    - Port: the port used by the mailserver. (int)
    - Username: the username to use for the mailserver. (string)
    - Password: the password to use for the mailserver. (string)
    - From: the address that Reaper will send mail from, must be parsable by Go's mail.ParseAddress. See: http://godoc.org/net/mail#ParseAddress. (string)
- All Supported AWS Resource types have these properties
  - Enabled: enables or disables reporting of this resource type. Note: resources will still be queried for as they inform Reaper about the dependencies of other resources. (boolean)
  - FilterGroups (under [ResourceType.FilterGroups]): FilterGroups are sets of filters that can be applied to resources. In order for a resource to match a FilterGroup, it must match all filters in the FilterGroup. If a resource matches any FilterGroup, it has satisfied Reaper's filters. ([]FilterGroup)
    Example FilterGroup:
        [ResourceType.FilterGroups.Example]
        [ResourceType.FilterGroups.Example.Filter1]
        function = "IsDependency"
        arguments = ["false"]
        [ResourceType.FilterGroups.Example.Filter2]
        function = "Running"
        arguments = ["true"]
    In this example, we see a FilterGroup named “Example” that has two Filters, Filter1 and Filter2. A FilterGroup is a []Filter, and a Filter has two components, a function and arguments. The function is the name of the filtering function for the associated resource type (string), and arguments is a slice of arguments to that function ([]string).
- Currently supported AWS Resource types:
  - SecurityGroups (under [SecurityGroups])
  - Cloudformations (under [Cloudformations])
  - AutoScalingGroups (under [AutoScalingGroups])
  - Instances (under [Instances])
  - Volumes (under [Volumes])
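
The FilterGroup matching rule described above (every filter within a group must match, and any one group is enough), as an added Go example that is not Reaper's own code. The Resource type, the predicate bodies, and the choice to treat empty groups, unknown function names and unparsable arguments as non-matching are assumptions made here.

```go
package main

import (
	"fmt"
	"strconv"
)

type Resource struct{ Running, IsDependency bool } // hypothetical stand-in for an AWS resource

// Filter follows the documented shape: a function name and string arguments.
type Filter struct {
	Function  string
	Arguments []string
}

// filterFuncs holds assumed predicates for the two function names in the README example.
var filterFuncs = map[string]func(Resource, bool) bool{
	"Running":      func(r Resource, want bool) bool { return r.Running == want },
	"IsDependency": func(r Resource, want bool) bool { return r.IsDependency == want },
}

// matchesGroup needs every filter to match; empty groups and bad filters fail closed (assumption).
func matchesGroup(r Resource, group []Filter) bool {
	for _, f := range group {
		fn, ok := filterFuncs[f.Function]
		if !ok || len(f.Arguments) != 1 {
			return false
		}
		if want, err := strconv.ParseBool(f.Arguments[0]); err != nil || !fn(r, want) {
			return false
		}
	}
	return len(group) > 0
}

// Matches: a resource satisfies the filters if any one FilterGroup matches.
func Matches(r Resource, groups map[string][]Filter) bool {
	for _, g := range groups {
		if matchesGroup(r, g) {
			return true
		}
	}
	return false
}

func main() {
	ex := map[string][]Filter{"Example": {{"IsDependency", []string{"false"}}, {"Running", []string{"true"}}}}
	fmt.Println(Matches(Resource{Running: true}, ex), Matches(Resource{}, ex)) // true false
}
```

Failing closed matters for a tool whose events can stop or terminate resources: a misspelled function name then narrows the match set instead of widening it.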
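
A pre-flight check for the value formats documented above (Go durations, trigger names, the capitalized Mode, a parsable From address), added here as an example and not part of Reaper. The Settings struct and Validate function are hypothetical and operate on values already decoded from the TOML file; rejecting zero or negative durations is an extra check beyond what the README states.

```go
package main

import (
	"fmt"
	"net/mail"
	"time"
)

// Settings is a hypothetical holder for already-decoded config values; the
// keys and fields follow the option names documented above.
type Settings struct {
	Durations  map[string]string   // e.g. "Interval", "FirstStateDuration"
	Triggers   map[string][]string // per EventReporter, e.g. "Reaper"
	Mode, From string              // [Events.Reaper] Mode, [Events.Email] From
}

var validTriggers = map[string]bool{"first": true, "second": true, "third": true, "final": true, "ignore": true}

// Validate returns one message per value that breaks a documented rule.
func Validate(s Settings) []string {
	var problems []string
	for name, v := range s.Durations {
		// Rejecting zero and negative durations is an extra check added here.
		if d, err := time.ParseDuration(v); err != nil || d <= 0 {
			problems = append(problems, fmt.Sprintf("%s: bad duration %q", name, v))
		}
	}
	for reporter, triggers := range s.Triggers {
		for _, t := range triggers {
			if !validTriggers[t] {
				problems = append(problems, fmt.Sprintf("%s: unknown trigger %q", reporter, t))
			}
		}
	}
	if s.Mode != "Stop" && s.Mode != "Terminate" { // modes must be capitalized
		problems = append(problems, fmt.Sprintf("Mode: %q is not Stop or Terminate", s.Mode))
	}
	if _, err := mail.ParseAddress(s.From); err != nil {
		problems = append(problems, fmt.Sprintf("From: %v", err))
	}
	return problems
}

func main() {
	// Constructed sample: "1d" is a common mistake, Go durations stop at hours.
	bad := Settings{Durations: map[string]string{"Interval": "1d"}, Mode: "terminate", From: "reaper"}
	fmt.Println(Validate(bad))
}
```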