I need to protect some critical resources from destroying by any means.
Using the prevent_destroy lifecycle block doesn’t work with
terraform apply as I understand from the documentation and as I tested myself.
So, how can I enforce the prevent_destroy with the
apply command and not only with
The only sure way to prevent destroying by any means is to set a policy in an external system which can prevent destruction of the resource (many services even have options on individual resources to do this). The
prevent_destroy feature within Terraform still needs a way to allow overriding or changing the configuration, which means the policy must always be verified outside of Terraform to be enforceable.