I thought the same then I thought that maybe they should show instructions to create a user that only has the bare needed access. After you run, you revoke. I could see myself using something akin to this when tearing down old stuff.
I launched Cloud Nuke to make it easy to safely delete AWS resources in 3 clicks!
I've found that deleting idle & underutilized cloud resources is the quickest win to reduce spending on cloud bills. Additionally the workflow of deleting cloud resources often exist in Engineering teams but it is not well thought out and a single member scrambles to determine what needs to be deleted.
Building on clouds is getting easier, and conversely harder to delete since resources often depend on each other.
I don't think anyone is going to just throw keys in this willy nilly. Perhaps put up some instructions on how to make a one off user with the bare needed access that can be revoked after or something. Still a stretch tho.
It's a few years since I've used AWS, but is deleting stuff that hard? I seem to remember it was a matter of deleting a cloud formation stack and maybe cleaning up a few things that you'd explicitly ask to be preserved (usually storage things like S3 buckets and DBs).
I do think deleting cloud resources is a valid use case in many Eng teams and directly co-relates to a lower cloud bill. Engineers are frequently building POC's, test machines or just deploying quickly to have idle/underutilized resources lying around
Yea, agreed.. they definitely could assuming someone does something stupid and exposes keys with access to everything. But this removes the barrier of needing to have a tiny bit of technical knowledge to do it. I think pastebin post with the cloudnuke url, keys, and a stolen credit card would look pretty appetizing for bored people. I'm not saying this shouldn't exist exactly.. maybe some kind of additional identity verification would make it less scary tho.