shellfirm covers destructive operations across both Azure and Google Cloud Platform through the azure and gcp check groups.
Azure checks
Delete resource group

| | |
|---|---|
| ID | azure:delete_resource_group |
| Severity | High |

Deleting a resource group destroys every resource within it -- VMs, databases, storage accounts, and all other services.

```bash
# Triggers
az group delete --name my-resource-group
az group delete -n production-rg
```
Delete virtual machine

| | |
|---|---|
| ID | azure:delete_vm |
| Severity | High |
| Alternative | `az vm deallocate --name <vm>` -- deallocate the VM to stop billing while preserving it |

```bash
# Triggers
az vm delete --name my-vm --resource-group my-rg
```
Delete SQL server

| | |
|---|---|
| ID | azure:delete_sql_server |
| Severity | High |

Deleting an Azure SQL server destroys all databases on that server.

```bash
# Triggers
az sql server delete --name my-server --resource-group my-rg
```
Delete AKS cluster

| | |
|---|---|
| ID | azure:delete_aks_cluster |
| Severity | High |

```bash
# Triggers
az aks delete --name my-cluster --resource-group my-rg
```
Delete storage

| | |
|---|---|
| ID | azure:delete_storage |
| Severity | High |

Covers deletion of storage accounts, containers, and blobs.

```bash
# Triggers
az storage account delete --name mystorageaccount
az storage container delete --name mycontainer
az storage blob delete --name myblob
```
Delete Key Vault

| | |
|---|---|
| ID | azure:delete_keyvault |
| Severity | High |

Deleting a Key Vault removes all secrets, keys, and certificates.

```bash
# Triggers
az keyvault delete --name my-vault
```
Delete AD application / service principal

| | |
|---|---|
| ID | azure:delete_ad_app |
| Severity | High |

```bash
# Triggers
az ad app delete --id <app-id>
az ad sp delete --id <sp-id>
```
Delete Function App

| | |
|---|---|
| ID | azure:delete_functionapp |
| Severity | High |

```bash
# Triggers
az functionapp delete --name myfunc --resource-group myrg
```
Delete Web App

| | |
|---|---|
| ID | azure:delete_webapp |
| Severity | High |

```bash
# Triggers
az webapp delete --name myapp --resource-group myrg
```
Delete Cosmos DB

| | |
|---|---|
| ID | azure:delete_cosmosdb |
| Severity | High |

```bash
# Triggers
az cosmosdb delete --name myaccount --resource-group myrg
```
Azure summary

| ID | Command | Severity |
|---|---|---|
| azure:delete_resource_group | az group delete | High |
| azure:delete_vm | az vm delete | High |
| azure:delete_sql_server | az sql server delete | High |
| azure:delete_aks_cluster | az aks delete | High |
| azure:delete_storage | az storage (account\|container\|blob) delete | High |
| azure:delete_keyvault | az keyvault delete | High |
| azure:delete_ad_app | az ad (app\|sp) delete | High |
| azure:delete_functionapp | az functionapp delete | High |
| azure:delete_webapp | az webapp delete | High |
| azure:delete_cosmosdb | az cosmosdb delete | High |
GCP checks
Delete project

| | |
|---|---|
| ID | gcp:delete_project |
| Severity | High |

Deleting a GCP project destroys all resources within it.

```bash
# Triggers
gcloud projects delete my-project
```
Delete Compute Engine instance

| | |
|---|---|
| ID | gcp:delete_instance |
| Severity | High |
| Alternative | `gcloud compute instances stop <instance>` -- stop the instance instead of deleting |

```bash
# Triggers
gcloud compute instances delete my-instance
```
Delete Cloud SQL instance

| | |
|---|---|
| ID | gcp:delete_sql_instance |
| Severity | High |

```bash
# Triggers
gcloud sql instances delete my-database
```
Delete GKE cluster

| | |
|---|---|
| ID | gcp:delete_gke_cluster |
| Severity | High |

```bash
# Triggers
gcloud container clusters delete my-cluster
```
GCS recursive delete

| | |
|---|---|
| ID | gcp:gcs_recursive_delete |
| Severity | High |
| Alternative | `gsutil ls gs://<bucket>` -- list bucket contents first |

```bash
# Triggers
gsutil rm -r gs://my-bucket/data/
```
GCS remove bucket

| | |
|---|---|
| ID | gcp:gcs_remove_bucket |
| Severity | High |

```bash
# Triggers
gsutil rb gs://my-bucket
```
Delete service account

| | |
|---|---|
| ID | gcp:delete_service_account |
| Severity | High |

```bash
# Triggers
gcloud iam service-accounts delete my-sa@my-project.iam.gserviceaccount.com
```
Delete Cloud Function

| | |
|---|---|
| ID | gcp:delete_function |
| Severity | High |

```bash
# Triggers
gcloud functions delete my-function
gcloud functions delete my-function --region us-central1
```
Delete Cloud Run service

| | |
|---|---|
| ID | gcp:delete_cloud_run |
| Severity | High |

```bash
# Triggers
gcloud run services delete my-service
gcloud run services delete my-service --region us-central1
```
Delete Pub/Sub topic

| | |
|---|---|
| ID | gcp:delete_pubsub_topic |
| Severity | High |

```bash
# Triggers
gcloud pubsub topics delete my-topic
```
Delete secret

| | |
|---|---|
| ID | gcp:delete_secret |
| Severity | High |

```bash
# Triggers
gcloud secrets delete my-secret
```
GCP summary

| ID | Command | Severity |
|---|---|---|
| gcp:delete_project | gcloud projects delete | High |
| gcp:delete_instance | gcloud compute instances delete | High |
| gcp:delete_sql_instance | gcloud sql instances delete | High |
| gcp:delete_gke_cluster | gcloud container clusters delete | High |
| gcp:gcs_recursive_delete | gsutil rm -r gs:// | High |
| gcp:gcs_remove_bucket | gsutil rb gs:// | High |
| gcp:delete_service_account | gcloud iam service-accounts delete | High |
| gcp:delete_function | gcloud functions delete | High |
| gcp:delete_cloud_run | gcloud run services delete | High |
| gcp:delete_pubsub_topic | gcloud pubsub topics delete | High |
| gcp:delete_secret | gcloud secrets delete | High |