Enable termination protection of a stack
Hello,
in CloudFormation there is a feature of termination protection:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
https://docs.aws.amazon.com/cli/latest/reference/cloudformation/create-stack.html see --enable-termination-protection
Would it be possible to implement this feature in CDK so that one can set this flag and the stack wouldn’t be allowed to be destroyed?
Issue Analytics
- State:
- Created 5 years ago
- Reactions:19
- Comments:15 (9 by maintainers)
Top GitHub Comments
Hi folks.
This is a feature I’m also interested in. I was under the impression I could tag native CF commands on to the cdk cli but was disappointed to find that:
cdk deploy --enable-termination-protection
(and different variations along those lines) did not work.
I thought a cool workaround would be implementing some sort of cloudformation:DeleteStack Effect.DENY type Policy Doc. I was inspired by the iam policy document test in the cdk source: https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-iam/test/policy-document.test.ts#L62
Unfortunately my attempts to do anything similar were not successful. I couldn’t get the IAM changes to show up in the template, nor could I block any type of stack deletion attempts.
Here are my gists where I POCed it in a bare bones new cdk init app:
My preferable solution in the end was to use an AWSCustomResource. It works very nicely. https://gist.github.com/jewelsjacobs/69dcad5e398075f60628322a591b105d
Sorry if this seems verbose but I’m including all of this info to:
@eladb, I think I might be able to pick this one up… but will need to have a bit of a view on integration tests.
If this is only for the client (cdk deploy --enable-termination-protection), it should not take me long. If it is both, meaning having something in the constructor, it will probably grow arms and legs and take a couple of months as it did happen with the tags.
As a workaround you can run the aws cli or sdk: https://docs.aws.amazon.com/cli/latest/reference/cloudformation/update-termination-protection.html https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cloudformation.html#CloudFormation.Client.update_termination_protection
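The SDK workaround from the last comment, as an added example that is not part of the original thread or the CDK project: it finds root stacks without termination protection through describe_stacks and enables it with update_termination_protection. The function names and the dry_run flag are assumptions made for this example.

```python
"""Added example: enable termination protection on stacks that lack it."""
from typing import Any, Dict, List


def unprotected_root_stacks(cfn: Any) -> List[str]:
    """Return names of root stacks whose EnableTerminationProtection is not true."""
    names = []
    for page in cfn.get_paginator("describe_stacks").paginate():
        for stack in page["Stacks"]:
            # Nested stacks inherit the setting from their root stack and
            # cannot be changed directly, so skip anything with a ParentId.
            if stack.get("ParentId"):
                continue
            if not stack.get("EnableTerminationProtection", False):
                names.append(stack["StackName"])
    return names


def protect(cfn: Any, dry_run: bool = True) -> Dict[str, str]:
    """Enable protection on each unprotected root stack; report per-stack outcome."""
    results = {}
    for name in unprotected_root_stacks(cfn):
        if dry_run:
            results[name] = "would-enable"
            continue
        try:
            cfn.update_termination_protection(
                StackName=name, EnableTerminationProtection=True
            )
            results[name] = "enabled"
        except Exception as exc:  # e.g. the calling role lacks the permission
            results[name] = f"failed: {exc}"
    return results


if __name__ == "__main__":
    import boto3  # imported here so the functions can be exercised with a stub client

    outcome = protect(boto3.client("cloudformation"), dry_run=True)
    for stack, status in outcome.items():
        print(f"{stack}: {status}")
```

The calling identity needs cloudformation:DescribeStacks and cloudformation:UpdateTerminationProtection; pass dry_run=False only after reviewing the dry-run list.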