Enable termination protection of a stack #1682
Comments
To add some details - if I create a stack with CDK using
+1
@eladb, I think I might be able to pick this one up... but will need to have a bit of a view on integration tests. If this is only for the client (cdk deploy --enable-termination-protection), it should not take me long. As a workaround you can run the aws cli or sdk:
Hi folks. This is a feature I'm also interested in. I was under the impression I could tag native CF commands on to the cdk cli but was disappointed to find that:
I thought a cool workaround would be implementing some sort of Unfortunately my attempts to do anything similar were not successful. I couldn't get the IAM changes to show up in the template, nor could I block any type of stack deletion attempts. Here are my gists where I POCed it in a bare bones new cdk init app:
My preferable solution in the end was to use an AWSCustomResource. It works very nicely. Sorry if this seems verbose but I'm including all of this info to:
Hey @Visorgood, Sorry for so long without a response. This seems like a totally reasonable feature! 😸
@eladb Insight on integration tests for @IsmaelMartinez?
Hi @NGL321, I assume I can use the ones in https://github.com/aws/aws-cdk/tree/master/packages/aws-cdk/test/integ/cli as a template... but let me know if there is a better guide. As far as I can see in here https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-accidental-updates/ the only way to enable termination protection is either by the UI or client, there is no CloudFormation attribute for it (but I am not an expert on CloudFormation). If I don't read it wrong, adding a policy will prevent elements on your stack from being deleted once you delete the stack itself. I don't think we are talking about that case in here. Let me know if my assumptions are correct and I can help (or work on) this. https://github.com/aws/aws-cdk/blob/master/packages/aws-cdk/bin/cdk.ts
Is there any timeline on this issue, expected release version/month?
When is this feature expected to release?
I am waiting for a response... and then I might be able to dedicate some time to it. Either of you feel free to make the changes and I am happy to help with the little that I know.
@IsmaelMartinez I think the best approach here would be to add a
There you could call
But this would maybe not fit with #3437
Thanks for the reply. Yeah, I thought about going down that route. The question is more, do we want to also add a policy to stop accidental delete of elements in your stack? If I the functionality, the enable termination protection stops you from deleting the stack, but you can delete all the elements in a stack if you want. If we only enable the termination protection, as it is, I don’t think it should have much impact in #3437 (but I might be wrong!).
Do we know any tentative date when this feature is releasing?
Add a `terminationProtection` prop to `StackProps` to enable stack termination protection. Closes aws#1682
Add a `terminationProtection` prop to `StackProps` to enable stack termination protection. This does not require extra IAM permission for existing CDK stacks (`cloudformation:UpdateTerminationProtection`). The logic to evaluate if we can skip deploy is now moved to a separate function. Closes #1682
Hello,
in CloudFormation there is a feature of termination protection:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
https://docs.aws.amazon.com/cli/latest/reference/cloudformation/create-stack.html see `--enable-termination-protection`
Would it be possible to implement this feature in CDK so that one can set this flag and the stack wouldn't be allowed to be destroyed?
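As an added example (not code from the CDK project or from anyone in this thread): one way to find stacks still missing the protection requested here is to read the `EnableTerminationProtection` field that CloudFormation's DescribeStacks returns for each stack. The stack records, names and ARNs below are constructed sample data, and `unprotected_stacks` is a hypothetical helper name.

```python
# Constructed sample shaped like the "Stacks" array of CloudFormation
# DescribeStacks (e.g. `aws cloudformation describe-stacks`). All names,
# account ids and stack ids below are made up for this example.
ARN = "arn:aws:cloudformation:us-east-1:111111111111:stack/"
SAMPLE_STACKS = [
    {"StackId": ARN + "prod-network/c-0001", "StackName": "prod-network",
     "StackStatus": "CREATE_COMPLETE", "EnableTerminationProtection": True},
    # Nested stack: its own flag is irrelevant, the root's flag applies.
    {"StackId": ARN + "prod-network-Vpc/c-0002", "StackName": "prod-network-Vpc",
     "StackStatus": "CREATE_COMPLETE", "EnableTerminationProtection": False,
     "RootId": ARN + "prod-network/c-0001"},
    {"StackId": ARN + "prod-api/c-0003", "StackName": "prod-api",
     "StackStatus": "UPDATE_COMPLETE", "EnableTerminationProtection": False},
    {"StackId": ARN + "prod-api-Db/c-0004", "StackName": "prod-api-Db",
     "StackStatus": "CREATE_COMPLETE", "EnableTerminationProtection": False,
     "RootId": ARN + "prod-api/c-0003"},
    # Flag absent from the record: treated as unprotected.
    {"StackId": ARN + "staging-queue/c-0005", "StackName": "staging-queue",
     "StackStatus": "CREATE_COMPLETE"},
    # Already deleted: nothing left to protect.
    {"StackId": ARN + "old-sandbox/c-0006", "StackName": "old-sandbox",
     "StackStatus": "DELETE_COMPLETE", "EnableTerminationProtection": False},
]


def unprotected_stacks(stacks):
    """Map each live, unprotected root stack to the nested stacks under it.

    Termination protection is set on the root stack and applies to its
    nested stacks, so nested stacks are grouped under their root instead
    of being judged by their own flag.
    """
    live = [s for s in stacks if s.get("StackStatus") != "DELETE_COMPLETE"]
    roots = {s["StackId"]: s for s in live if not s.get("RootId")}
    report = {
        s["StackName"]: []
        for s in roots.values()
        if not s.get("EnableTerminationProtection", False)
    }
    for s in live:
        root = roots.get(s.get("RootId"))
        if root is not None and root["StackName"] in report:
            report[root["StackName"]].append(s["StackName"])
    return report


if __name__ == "__main__":
    for name, nested in unprotected_stacks(SAMPLE_STACKS).items():
        print(f"{name}: termination protection OFF; nested: {nested or 'none'}")
```
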