aws-delete-all

v0.5.56 suspicious
4.0
Medium Risk

A script that concurrently deletes common AWS resources like S3 buckets, RDS instances, and EC2 instances across all AWS regions.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to its capability to interact with AWS services and retrieve credentials, though it lacks clear evidence of malicious intent.

  • moderate credential risk
  • network interaction through urllib
Per-check LLM notes
  • Network: The use of urllib to make network calls is not inherently malicious but should be reviewed to ensure it aligns with the package's intended functionality.
  • Shell: No shell execution patterns detected, indicating low risk.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The code is attempting to retrieve AWS region from environment variables or session, which could be legitimate but also indicates potential risk for credential harvesting if not properly secured.
  • Metadata: The maintainer has only one package, which might indicate a new or less active user, but there are no other red flags.

πŸ“¦ Package Quality Overall: Low (4.2/10)

β—‹ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4180 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 4 type-annotated function signatures (partial)
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 4 unique contributor(s) across 100 commits in sinanartun/aws_delete_all
  • Small but multi-author team (3–4 contributors)

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • try: with urllib.request.urlopen(url) as response: data = json.loads(
βœ“ Code Obfuscation

No obfuscation patterns detected

βœ“ Shell / Subprocess Execution

No shell execution patterns detected

⚠ Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • """ return ( os.environ.get('AWS_REGION') or os.environ.get('AWS_DEFAULT_REGION')
  • .get('AWS_REGION') or os.environ.get('AWS_DEFAULT_REGION') or boto3.session.Session().region_n
βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: gmail.com

βœ“ Suspicious Page Links

All external links appear legitimate

βœ“ Git Repository History

Repository sinanartun/aws_delete_all appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Sinan Artun" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with aws-delete-all 
Create a Python-based command-line utility named 'AWS-Cleaner' that leverages the 'aws-delete-all' package to streamline the process of cleaning up unused AWS resources. This utility should be able to initiate the deletion of various AWS resources such as S3 buckets, RDS instances, and EC2 instances across all available regions in a user's AWS account. Here’s a detailed breakdown of the steps and features your utility should include:

1. **User Authentication**: Implement a secure method for users to authenticate their AWS credentials using the AWS CLI or Boto3 SDK, ensuring that only authorized users can trigger resource deletions.
2. **Resource Identification**: Develop a feature that identifies all eligible resources (S3 buckets, RDS instances, EC2 instances) across all regions within the user's AWS account. This feature should provide a preview of the resources that will be deleted.
3. **Concurrent Deletion**: Utilize the 'aws-delete-all' package to handle the concurrent deletion of these resources efficiently. Ensure that the deletion process respects any dependencies between resources (e.g., stopping EC2 instances before deleting them).
4. **Progress Tracking**: Implement a progress tracker that updates the user on the status of each deletion task, indicating which resources have been successfully deleted and which might have failed.
5. **Error Handling**: Include robust error handling mechanisms to manage failures during the deletion process. Provide clear feedback to the user about why a particular resource deletion may have failed.
6. **Configuration Options**: Offer configuration options for users to customize the deletion process, such as specifying a dry-run mode where the utility simulates the deletion without actually performing it.
7. **Logging**: Integrate logging functionality to record the entire process of resource identification and deletion, including timestamps and statuses, for audit purposes.
8. **Help and Documentation**: Ensure the utility comes with comprehensive documentation and a help command that explains how to use each feature and troubleshoot common issues.

This project aims to create a powerful yet easy-to-use tool for managing AWS resources, reducing the manual effort required to clean up unused resources and improving overall operational efficiency.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!