Resoto vs. AWS Nuke
Resoto can be used as an alternative to AWS Nuke.
Similarities Between Resoto and AWS Nuke
With both Resoto and AWS Nuke, you can:
- Nuke an AWS account
- Delete resources
- List resources marked for deletion
- Protect individual resources and resource groups from deletion
Both Resoto and AWS Nuke are open source.
Differences Between Resoto and AWS Nuke
AWS Nuke was built for managing AWS resources, and addresses a single use case only: deleting AWS resources for cost savings.
|Discovery||Discovers resources and visualizes the "blast radius" of deleting a resource.||Does not offer resource discovery or inspection.|
Can only delete resources listed in the AWS Nuke configuration file.
|Cleanup||Performs dependency-aware resource cleanup, deleting resources in the required order based on delete dependencies.||Performs "brute force" deletion of resources without regard for dependencies, which can lead to errors.|
Leaves behind orphaned resources that may require AWS support to delete.
|Data Model||Uses a unified data model for all platforms and resources.|
Unifying base properties and common abstractions allows you to search, sort, aggregate, and act on a higher level of abstraction and query resources across clouds.
|Properties (e.g., resource age) are not represented consistently across resources.|
Only supports filtering by ARNs.
|Automation||Offers commands and jobs to automate resource management and/or remediation.|
Can be used to write custom code and rules for any resource.
|Runs a single time. Does not offer scheduling or job functionality.|
Requires custom scripts to generate configuration files targeting specific resources and/or resource groups.
Can timeout when scheduled using AWS services (e.g., AWS Lambda has a maximum execution time of 15 minutes).
|Multi-Account||Cleans up resources in any number of accounts in a single run.||Does not offer multi-account support.|
|Performance||Separates data ingest, transformations, storage, and queries for a scalable approach to analyzing infrastructure.||Does not allow for resource analysis independent of delete runs.|
Requires multiple, time-consuming passes to find resources to delete.