Prevent_destroy

Hi team,

I want to pass a variable for the value of prevent_destroy. Is there any way of passing this as a variable in the resource block? Also, if we have multiple resources created using the for_each function and want to make sure that specific resources can be deleted: for example, if I have multiple S3 buckets, all of them protected with lifecycle prevent_destroy = true, and I want to destroy a few of them, how can this be achieved?

Hi @Nasir,

No, you can’t pass a variable to the prevent_destroy parameter. The prevent_destroy feature isn’t really useful to fully protect a resource though, because it cannot prevent you from simply removing the configuration which will immediately delete it.

If you want to secure portions of the infrastructure, you need to set policies outside of Terraform in order to prevent Terraform from being able to take certain actions. In your case you can use IAM policies to deny DeleteBucket actions.
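The IAM approach from the answer above, sketched as an added example that is not part of the original thread: buckets are created with for_each, and an explicit Deny on s3:DeleteBucket covers only the ones flagged as protected. The bucket names, the `protected` flag, and the `terraform-deployer` role name are assumptions made for illustration.

```hcl
# Added example. Bucket names, the "protected" flag and the role name are
# assumed values, not taken from the thread.
variable "buckets" {
  type = map(object({ protected = bool }))
  default = {
    "example-logs-bucket"    = { protected = true }
    "example-scratch-bucket" = { protected = false }
  }
}

variable "terraform_role_name" {
  type        = string
  description = "Existing IAM role that Terraform runs as (assumed name)."
  default     = "terraform-deployer"
}

resource "aws_s3_bucket" "this" {
  for_each = var.buckets
  bucket   = each.key
}

locals {
  # ARNs are built from the names (standard "aws" partition assumed), so the
  # policy below does not depend on the bucket resources in this file.
  protected_bucket_arns = [
    for name, cfg in var.buckets : "arn:aws:s3:::${name}" if cfg.protected
  ]
}

# An explicit Deny overrides any Allow the role has, so DeleteBucket fails
# for protected buckets even if their resource blocks are removed.
data "aws_iam_policy_document" "deny_bucket_delete" {
  statement {
    sid       = "DenyDeleteProtectedBuckets"
    effect    = "Deny"
    actions   = ["s3:DeleteBucket"]
    resources = local.protected_bucket_arns
  }
}

resource "aws_iam_policy" "deny_bucket_delete" {
  name   = "deny-delete-protected-buckets"
  policy = data.aws_iam_policy_document.deny_bucket_delete.json
}

resource "aws_iam_role_policy_attachment" "terraform_role" {
  role       = var.terraform_role_name
  policy_arn = aws_iam_policy.deny_bucket_delete.arn
}
```

For the Deny to be a real control, the policy and its attachment should be applied from a separate configuration by a different principal than the role they restrict; otherwise the same run could detach the policy before deleting a bucket. At least one bucket must be flagged as protected, because an IAM statement with an empty resource list is rejected.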