Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configuration of AWS Asset RemovalPolicy to prevent accidental deletion #455

Closed
dmeehan1968 opened this issue May 21, 2024 · 3 comments
Closed

Allow configuration of AWS Asset RemovalPolicy to prevent accidental deletion #455

dmeehan1968 opened this issue May 21, 2024 · 3 comments
Assignees
@jayair

Comments

@dmeehan1968
Copy link

I had added a Dynamo DB to my sst config, used it in the app including writing some data. In the process of my work I had to checkout a prior version which caused sst to destroy the DB, so I lost data (only a couple of records so just a minor inconvenience).

AWS CDK allows one to configure the removal policy for assets, to avoid the risk of inadvertant deletion. This does introduce some complications in terms of naming conflicts, and does potentially leave one needing to adopt an existing resource rather than creating a new one.

This may therefore be beyond the scope of SST and in the realms of backup/restore policies, even when in dev environments.
@jayair
Copy link
Contributor

jayair commented May 23, 2024

Do you mean on a per resource basis as opposed to on the entire app? https://github.com/sst/ion/blob/dev/examples/aws-api/sst.config.ts#L7

@jayair jayair self-assigned this May 23, 2024
@dmeehan1968
Copy link
Author

Do you mean on a per resource basis as opposed to on the entire app? https://github.com/sst/ion/blob/dev/examples/aws-api/sst.config.ts#L7

Aah, I'd not spotted that as an option. The docs suggest this is around behaviour during an explicit sst remove, whereas I experienced this during a deploy (because I'd checked out an earlier commit whilst working on a bug). Those options for remove are presumably to give an option to 'detach' oneself from SST and leave all the resources in place?

It's easy to get into a mindset that deploy 'adds' resources, rather than removes them, which is what caught me out. I'd forgotten that I'd added Dynamo between the dev head and the commit I checked out.

In some ways, during deploy, a warning that you are removing storage resources (S3, Dynamo) requiring confirmation (and a --force/yes flag for CI) would seem like a useful behaviour, and/or an explicit removal policy per resource (so the config can define whether its ok to remove or not) would be more robust, especially if the default is to retain.

As an aside, could you then re-add the resource and have it adopted back, or would this just create a name conflict and you'd either have to rename anyway or manually import rather than have SST manage the resource?

@jayair
Copy link
Contributor

jayair commented May 28, 2024

Yeah you can re-add things back into your app's state. We'll have some docs on this moving forward. It'll be the same process when you migrate from SST2 to Ion.

You can set retain on a per resource basis as well: https://www.pulumi.com/docs/concepts/options/retainondelete/, you can pass this in to a Bucket for example through the opts https://ion.sst.dev/docs/component/aws/bucket/#constructor

Screenshot 2024-05-28 at 7 02 46 PM

Closing for now.

@jayair jayair closed this as completed May 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jayair jayair

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jayair @dmeehan1968