
Azure & GCP

Protection patterns for Azure CLI and Google Cloud CLI operations

shellfirm covers destructive operations across both Azure and Google Cloud Platform through the azure and gcp check groups.

Azure checks

Delete resource group

ID: azure:delete_resource_group
Severity: High

Deleting a resource group destroys every resource within it -- VMs, databases, storage accounts, and all other services.

# Triggers
az group delete --name my-resource-group
az group delete -n production-rg

Delete virtual machine

ID: azure:delete_vm
Severity: High
Alternative: az vm deallocate --name <vm> -- deallocate the VM to stop billing while preserving it
# Triggers
az vm delete --name my-vm --resource-group my-rg

Delete SQL server

ID: azure:delete_sql_server
Severity: High

Deleting an Azure SQL server destroys all databases on that server.

# Triggers
az sql server delete --name my-server --resource-group my-rg

Delete AKS cluster

ID: azure:delete_aks_cluster
Severity: High
# Triggers
az aks delete --name my-cluster --resource-group my-rg

Delete storage

ID: azure:delete_storage
Severity: High

Covers deletion of storage accounts, containers, and blobs.

# Triggers
az storage account delete --name mystorageaccount
az storage container delete --name mycontainer
az storage blob delete --name myblob

Delete Key Vault

ID: azure:delete_keyvault
Severity: High

Deleting a Key Vault removes all secrets, keys, and certificates.

# Triggers
az keyvault delete --name my-vault

Delete AD application / service principal

ID: azure:delete_ad_app
Severity: High
# Triggers
az ad app delete --id <app-id>
az ad sp delete --id <sp-id>

Azure summary

ID                            Command                                       Severity
azure:delete_resource_group   az group delete                               High
azure:delete_vm               az vm delete                                  High
azure:delete_sql_server       az sql server delete                          High
azure:delete_aks_cluster      az aks delete                                 High
azure:delete_storage          az storage (account|container|blob) delete    High
azure:delete_keyvault         az keyvault delete                            High
azure:delete_ad_app           az ad (app|sp) delete                         High

GCP checks

Delete project

ID: gcp:delete_project
Severity: High

Deleting a GCP project destroys all resources within it.

# Triggers
gcloud projects delete my-project

Delete Compute Engine instance

ID: gcp:delete_instance
Severity: High
Alternative: gcloud compute instances stop <instance> -- stop the instance instead of deleting
# Triggers
gcloud compute instances delete my-instance

Delete Cloud SQL instance

ID: gcp:delete_sql_instance
Severity: High
# Triggers
gcloud sql instances delete my-database

Delete GKE cluster

ID: gcp:delete_gke_cluster
Severity: High
# Triggers
gcloud container clusters delete my-cluster

GCS recursive delete

ID: gcp:gcs_recursive_delete
Severity: High
Alternative: gsutil ls gs://<bucket> -- list bucket contents first
# Triggers
gsutil rm -r gs://my-bucket/data/

GCS remove bucket

ID: gcp:gcs_remove_bucket
Severity: High
# Triggers
gsutil rb gs://my-bucket

Delete service account

ID: gcp:delete_service_account
Severity: High
# Triggers
gcloud iam service-accounts delete my-sa@my-project.iam.gserviceaccount.com

GCP summary

ID                            Command                               Severity
gcp:delete_project            gcloud projects delete                High
gcp:delete_instance           gcloud compute instances delete       High
gcp:delete_sql_instance       gcloud sql instances delete           High
gcp:delete_gke_cluster        gcloud container clusters delete      High
gcp:gcs_recursive_delete      gsutil rm -r gs://                    High
gcp:gcs_remove_bucket         gsutil rb gs://                       High
gcp:delete_service_account    gcloud iam service-accounts delete    High
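To show how a check group like the Azure and GCP tables above is evaluated against a command line, here is an added example; it is not shellfirm's own code and the regular expressions are not its pattern definitions. It turns both summary tables into regexes, splits a command line on common shell separators so a destructive command hidden behind `&&` is still caught, and reports the check ID, severity and the documented alternative where the page gives one. The regexes, the separator handling (which ignores quoting) and the sample commands are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Check:
    check_id: str
    severity: str
    pattern: re.Pattern
    alternative: Optional[str] = None


# Regexes approximating the trigger commands listed on this page.
# They are this example's own assumptions, not shellfirm's pattern files.
CHECKS = [
    Check("azure:delete_resource_group", "High", re.compile(r"^az\s+group\s+delete\b")),
    Check("azure:delete_vm", "High", re.compile(r"^az\s+vm\s+delete\b"),
          "az vm deallocate --name <vm> -- deallocate the VM to stop billing while preserving it"),
    Check("azure:delete_sql_server", "High", re.compile(r"^az\s+sql\s+server\s+delete\b")),
    Check("azure:delete_aks_cluster", "High", re.compile(r"^az\s+aks\s+delete\b")),
    Check("azure:delete_storage", "High",
          re.compile(r"^az\s+storage\s+(?:account|container|blob)\s+delete\b")),
    Check("azure:delete_keyvault", "High", re.compile(r"^az\s+keyvault\s+delete\b")),
    Check("azure:delete_ad_app", "High", re.compile(r"^az\s+ad\s+(?:app|sp)\s+delete\b")),
    Check("gcp:delete_project", "High", re.compile(r"^gcloud\s+projects\s+delete\b")),
    Check("gcp:delete_instance", "High", re.compile(r"^gcloud\s+compute\s+instances\s+delete\b"),
          "gcloud compute instances stop <instance> -- stop the instance instead of deleting"),
    Check("gcp:delete_sql_instance", "High", re.compile(r"^gcloud\s+sql\s+instances\s+delete\b")),
    Check("gcp:delete_gke_cluster", "High",
          re.compile(r"^gcloud\s+container\s+clusters\s+delete\b")),
    # Allows global gsutil flags (e.g. -m) before rm and any flag cluster containing r.
    Check("gcp:gcs_recursive_delete", "High",
          re.compile(r"^gsutil\s+(?:-\S+\s+)*rm\s+(?:-\S+\s+)*-\S*r\S*\s+gs://"),
          "gsutil ls gs://<bucket> -- list bucket contents first"),
    Check("gcp:gcs_remove_bucket", "High", re.compile(r"^gsutil\s+(?:-\S+\s+)*rb\s+gs://")),
    Check("gcp:delete_service_account", "High",
          re.compile(r"^gcloud\s+iam\s+service-accounts\s+delete\b")),
]

# Shell separators between commands; quoting is deliberately ignored here.
SEPARATORS = re.compile(r"\s*(?:&&|\|\||;|\|)\s*")


def segments(command_line: str) -> list[str]:
    """Split a command line into the individual commands it would run."""
    return [s.strip() for s in SEPARATORS.split(command_line) if s.strip()]


def matching_checks(command_line: str) -> list[Check]:
    """Return every check whose trigger pattern matches some segment, in table order."""
    hits: list[Check] = []
    for seg in segments(command_line):
        for check in CHECKS:
            if check.pattern.search(seg) and check not in hits:
                hits.append(check)
    return hits


def explain(command_line: str) -> str:
    """Render the information a user should see before a matched command runs."""
    hits = matching_checks(command_line)
    if not hits:
        return "no destructive pattern matched"
    lines = []
    for c in hits:
        line = f"[{c.severity}] {c.check_id}"
        if c.alternative:
            line += f" -- alternative: {c.alternative}"
        lines.append(line)
    return "\n".join(lines)


# Constructed sample command lines (not taken from any real session).
SAMPLE_COMMANDS = [
    "az group delete -n production-rg",
    "az vm deallocate --name my-vm --resource-group my-rg",      # the safe alternative
    "gcloud projects list && gcloud projects delete my-project",  # destructive part after &&
    "gsutil -m rm -r gs://my-bucket/data/",
    "gsutil ls gs://my-bucket",
]

if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        print(f"$ {cmd}\n  {explain(cmd)}")
```

The separator split is the part worth keeping in mind: a pattern anchored at the start of the line would miss `gcloud projects list && gcloud projects delete my-project`, so each segment is matched on its own. The alternatives are taken verbatim from the check entries above.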