
@etoews
Created September 2, 2022 23:44
Example of an AWSweeper configuration file for https://github.com/jckuester/awsweeper
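# awsweeper --dry-run awsweeper.yml
#
# AWSweeper filter file. Each top-level key is a resource type to sweep; a
# type with no filter entries selects every resource of that type that the
# credentials in use can see. Read the --dry-run listing before running
# without it, and point it only at a disposable sandbox account.
#
# Filter semantics as described in the AWSweeper README (confirm against the
# version you run): conditions inside one list entry must all match, and
# NOT(...) inverts a match, so "id: NOT(x)" sweeps everything except x.
#
# NOTE(review): AWSweeper treats id and tag values as regular expressions,
# not globs. In "default*" the "*" repeats the "t", and the match looks
# unanchored, so these patterns behave like substring matches and retain
# more than a glob would. Verify each exclusion in the dry-run output.
#
# Names, aliases and key-ID prefixes below are specific to the author's
# account; replace them before reusing this file anywhere else.
---
aws_alb_target_group:
aws_ami:
aws_api_gateway_api_key:
aws_api_gateway_client_certificate:
aws_api_gateway_domain_name:
aws_api_gateway_rest_api:
aws_api_gateway_usage_plan:
aws_api_gateway_vpc_link:
aws_apigatewayv2_api:
aws_apigatewayv2_domain_name:
aws_apigatewayv2_vpc_link:
aws_autoscaling_group:
aws_backup_plan:
aws_backup_vault:
# Audit logging: every trail that does not match the exclusion is swept.
aws_cloudtrail:
  - id: NOT(aws-controltower*|deloitte)
aws_cloudwatch_dashboard:
aws_cloudwatch_event_bus:
  - id: NOT(default)
aws_cloudwatch_log_destination:
aws_cloudwatch_log_group:
  - id: NOT(/aws/lambda/aws-controltower*|StackSet-AWSControlTowerBP*)
aws_cloudwatch_log_resource_policy:
# The Config exclusions presumably keep the Control Tower baseline intact.
aws_config_config_rule:
  - id: NOT(AWSControlTower*|StackSet*)
aws_config_configuration_recorder:
  - id: NOT(aws-controltower*)
aws_config_delivery_channel:
  - id: NOT(aws-controltower*)
aws_db_event_subscription:
aws_db_instance:
aws_db_parameter_group:
  - id: NOT(default*)
aws_db_proxy:
aws_db_security_group:
  - id: NOT(default*)
aws_db_snapshot:
aws_db_subnet_group:
aws_dynamodb_global_table:
aws_dynamodb_table:
aws_ebs_snapshot:
aws_ebs_volume:
aws_ecs_cluster:
aws_ecs_task_definition:
aws_eip:
aws_elasticache_replication_group:
aws_elastic_beanstalk_application:
aws_elastic_beanstalk_application_version:
aws_elastic_beanstalk_environment:
aws_elb:
# Commented-out types are not swept at all.
# aws_iam_access_key:
aws_iam_account_alias:
  - id: NOT(sandbox-etoews)
aws_iam_group:
  - id: NOT(Admin)
aws_iam_instance_profile:
aws_iam_policy:
  - id: NOT(Kinesis*)
# Check in the dry run that the role this sweep runs as is not listed.
aws_iam_role:
  - id: NOT(AWS*|aws*|Deloitte*|stacksets*|ecsTaskExecutionRole)
aws_iam_server_certificate:
# aws_iam_service_linked_role:
aws_instance:
aws_internet_gateway:
# NOT(Purpose) on a tag key selects resources that lack a Purpose tag with
# the given value, so anything tagged Purpose=Training is kept.
aws_key_pair:
  - tags:
      NOT(Purpose): Training
aws_kinesis_stream:
aws_kinesis_firehose_delivery_stream:
# Both KMS types keep the same set of key-ID prefixes; update them together.
aws_kms_external_key:
  - id: NOT(1dca7951*|27ef3ee1*|638001ba*|8cb375ac*|906aee61*|b115b9a3*|d2f09016*)
aws_kms_key:
  - id: NOT(1dca7951*|27ef3ee1*|638001ba*|8cb375ac*|906aee61*|b115b9a3*|d2f09016*)
aws_lambda_event_source_mapping:
aws_lambda_function:
  - id: NOT(aws*)
aws_launch_configuration:
aws_launch_template:
aws_lb_target_group:
aws_lb:
aws_nat_gateway:
aws_network_acl:
aws_network_interface:
aws_placement_group:
aws_rds_cluster_endpoint:
aws_rds_cluster_parameter_group:
aws_rds_cluster:
aws_rds_global_cluster:
aws_route_table:
aws_route53_health_check:
aws_route53_resolver_endpoint:
# aws_route53_resolver_rule_association:
aws_route53_resolver_rule:
aws_route53_zone:
# id and tags sit in one entry, so a bucket is swept only when both
# conditions hold: the name is not excluded and it is not tagged Purpose=CDK.
aws_s3_bucket:
  - id: NOT(elasticbeanstalk*)
    tags:
      NOT(Purpose): CDK
# Unfiltered: every Secrets Manager secret is selected.
aws_secretsmanager_secret:
aws_sns_platform_application:
aws_sns_topic:
  - id: NOT(aws-controltower-SecurityNotifications*)
    tags:
      NOT(Purpose): Training
aws_sns_topic_subscription:
  - id: NOT(aws-controltower-SecurityNotifications*|DemoTopic*)
aws_security_group:
  - tags:
      NOT(Purpose): Training
aws_sqs_queue:
# Unfiltered: every SSM parameter is selected.
aws_ssm_parameter:
aws_subnet:
aws_vpc:
aws_vpc_endpoint:
aws_vpc_endpoint_connection_notification:
aws_vpc_endpoint_service:
aws_vpc_peering_connection: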