Hi,
I need to protect some critical resources from destroying by any means.
Using the prevent_destroy lifecycle block doesn’t work with terraform apply
as I understand from the documentation and as I tested myself.
So, how can I enforce the prevent_destroy with the apply
command and not only with destroy
?
Thanks,
Hi @nurhun,
The only sure way to prevent destroying by any means is to set a policy in an external system which can prevent destruction of the resource (many services even have options on individual resources to do this). The prevent_destroy
feature within Terraform still needs a way to allow overriding or changing the configuration, which means the policy must always be verified outside of Terraform to be enforceable.