Score:1

How do you set a self-destruct or maximum uptime in AWS?

ro flag

Situation

We have a sandbox AWS account for trying things out. It is not for production, purely just for playing around with all the toys that AWS provides. We want to encourage everyone to explore and learn.

We have many AWS accounts in our estate, including but not limited to:

  • sandbox
  • development
  • test
  • production

Financial and environmental responsibility is important to us.

Requirement

  • Must
    • automatically destroy everything in the sandbox account.
    • only be capable of running on this specific account.
  • Should
    • destroy an instance after x hours.
  • Could

Potential solutions

aws-nuke

I have seen aws-nuke. If we ran this at midnight on Wednesdays and Sundays it would terminate all instances. This sounds like a great solution; however, it is also somewhat dangerous as it could terminate instances on other accounts by mistake. It also currently works on a block-nuke list, rather than an explicit allow-nuke list, which is another potential security issue. I have logged aws-nuke#751 to address this.

Max uptime policy

The other method that I am looking into is to use a policy (IAM?) to set the maximum uptime for everything. I feel like this has less likelihood of leaking into our other accounts and also has the potential to be more nuanced. I'm not sure,

  • how best to implement this
  • whether it needs to be run in a lambda or can just be a policy
  • whether this is actually more secure than running aws-nuke across the estate.

I would be tremendously grateful for any pointers.

Score:0
cn flag

At one previous employer someone had written a Lambda function to list all running instances and stop them each night at 7pm if they didn't have a specific tag. This was a pretty simple, effective way to handle it. The Python boto3 libraries are pretty easy to use.

The Lambda was deployed in the Organisation and used a cross-account role, but you could just as easily deploy it via a StackSet into all org accounts, and have it only target that account's instances.

ro flag
Hmm, I was hoping to avoid using a Lambda as the run could be a long one if many instances are created.
cn flag
Could always break it up, have one Lambda generate the list -> SQS -> others. I'd expect the API call to stop an instance is a quick one. Other option is a spot instance that runs the same code?
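The tag-based stop Lambda described in the answer, as an added example rather than the answerer's or AWS's own code. It adds the account guard the question asks for (refuse to act unless the credentials belong to the sandbox account), the per-instance maximum uptime, and pagination plus batched stop calls so a large account does not need one long call. The account id, tag name and hour limit are constructed placeholders read from environment variables; the decision logic is kept separate from the boto3 calls so it can be tested without AWS.

```python
"""Stop running EC2 instances in the sandbox account that have no keep tag
and have exceeded a maximum uptime. Added example, not from the original post."""
import os
from datetime import datetime, timedelta, timezone

# Constructed placeholders: set these in the Lambda's environment variables.
SANDBOX_ACCOUNT_ID = os.environ.get("SANDBOX_ACCOUNT_ID", "111111111111")
KEEP_TAG = os.environ.get("KEEP_TAG", "KeepRunning")
MAX_UPTIME_HOURS = int(os.environ.get("MAX_UPTIME_HOURS", "8"))


def select_instances_to_stop(reservations, now, keep_tag=KEEP_TAG, max_hours=MAX_UPTIME_HOURS):
    """Pure decision logic over the Reservations list of a describe_instances() response.
    An instance is selected when it is running, carries no keep tag, and its
    LaunchTime (updated when a stopped instance is started again) is older than max_hours."""
    to_stop = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if keep_tag in tags:
                continue
            if now - inst["LaunchTime"] >= timedelta(hours=max_hours):
                to_stop.append(inst["InstanceId"])
    return to_stop


def lambda_handler(event, context):
    """Lambda entry point: guard on the account, then stop what the selector picks."""
    import boto3  # imported here so the selector above is testable without the SDK

    account = boto3.client("sts").get_caller_identity()["Account"]
    if account != SANDBOX_ACCOUNT_ID:  # never act on any other account in the estate
        raise RuntimeError(f"refusing to run in account {account}")
    ec2 = boto3.client("ec2")
    reservations = []
    paginator = ec2.get_paginator("describe_instances")
    for page in paginator.paginate(Filters=[{"Name": "instance-state-name", "Values": ["running"]}]):
        reservations.extend(page["Reservations"])
    ids = select_instances_to_stop(reservations, datetime.now(timezone.utc))
    for start in range(0, len(ids), 100):  # small batches keep each API call short
        ec2.stop_instances(InstanceIds=ids[start:start + 100])
    return {"stopped": ids}


# Constructed sample shaped like a describe_instances() response, for local runs.
SAMPLE_NOW = datetime(2023, 6, 1, 19, 0, tzinfo=timezone.utc)
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"}, "Tags": [], "LaunchTime": SAMPLE_NOW - timedelta(hours=10)},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"}, "Tags": [{"Key": "KeepRunning", "Value": "yes"}], "LaunchTime": SAMPLE_NOW - timedelta(hours=10)},
    {"InstanceId": "i-0ccc", "State": {"Name": "running"}, "Tags": [], "LaunchTime": SAMPLE_NOW - timedelta(hours=2)},
    {"InstanceId": "i-0ddd", "State": {"Name": "stopped"}, "Tags": [], "LaunchTime": SAMPLE_NOW - timedelta(hours=20)},
]}]

if __name__ == "__main__":
    print(select_instances_to_stop(SAMPLE_RESERVATIONS, SAMPLE_NOW, "KeepRunning", 8))
```

Schedule it with an EventBridge rule and grant the role only ec2:DescribeInstances, ec2:StopInstances and sts:GetCallerIdentity in the sandbox account, so the code cannot reach other accounts even if the guard were misconfigured.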