I have defined a Route53 zone and records in that zone. The issue I have is that if someone creates a record manually, it won’t be deleted by terraform apply, and I am wondering if there is any option for a STRICT zone to be sure that the only records in the zone are the ones made from Terraform.
As with all resources in Terraform, only the ones referenced in the state file are managed. Anything else is not, and indeed Terraform has no knowledge of it. There is nothing that would automatically cause Terraform to manage any manually created Route53 records. Also, Terraform only operates when you run terraform apply, so there is nothing to prevent other authorised users from manipulating resources. The only thing you do know is that when running the apply it should adjust all managed resources to be in the state defined by the code.
I was thinking that was the case, although Terraform ultradns with ultradns_record works “better”, as it would delete anything that was outside of what was terraformed when running terraform apply.
I would expect to have an argument on a zone to say that I want it to be strictly whatever is in the state, but I guess there is nothing like that.
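Added example, not part of the thread and not code from any poster: since only records in the state file are managed, one way to find manually created records is to compare the JSON from terraform show -json with the JSON from aws route53 list-resource-record-sets. The function names, the zone ID and the sample records below are constructed for illustration, and skipping the apex NS and SOA sets assumes they are left unmanaged.

```python
ZONE_ID = "Z0000000EXAMPLE"  # constructed placeholder zone ID

def normalize(name):
    # Route53 lists names lower-cased, with a trailing dot and "*" as \052.
    return name.replace("\\052", "*").rstrip(".").lower()

def managed_records(state, zone_id):
    """Keys of aws_route53_record resources found in `terraform show -json` output."""
    keys, stack = set(), [state.get("values", {}).get("root_module", {})]
    while stack:  # walk the root module and every nested child module
        module = stack.pop()
        stack.extend(module.get("child_modules", []))
        for res in module.get("resources", []):
            v = res.get("values", {})
            if res.get("type") == "aws_route53_record" and v.get("zone_id") == zone_id:
                keys.add((normalize(v.get("fqdn") or v["name"]), v["type"],
                          v.get("set_identifier") or ""))
    return keys

def unmanaged_records(state, listing, zone_id, zone_name):
    """Record sets present in the zone listing but absent from Terraform state."""
    managed, apex, found = managed_records(state, zone_id), normalize(zone_name), []
    for rrset in listing["ResourceRecordSets"]:
        key = (normalize(rrset["Name"]), rrset["Type"], rrset.get("SetIdentifier", ""))
        if key[0] == apex and key[1] in ("NS", "SOA"):
            continue  # created by Route53 together with the zone
        if key not in managed:
            found.append(key)
    return sorted(found)

# Constructed sample inputs (not real data)
STATE = {"values": {"root_module": {
    "resources": [{"type": "aws_route53_record", "values": {
        "zone_id": ZONE_ID, "name": "www", "fqdn": "www.example.com", "type": "A"}}],
    "child_modules": [{"resources": [{"type": "aws_route53_record", "values": {
        "zone_id": ZONE_ID, "name": "*.dev", "fqdn": "*.dev.example.com", "type": "CNAME"}}]}]}}}
LISTING = {"ResourceRecordSets": [
    {"Name": "example.com.", "Type": "NS"}, {"Name": "example.com.", "Type": "SOA"},
    {"Name": "www.example.com.", "Type": "A"},
    {"Name": "\\052.dev.example.com.", "Type": "CNAME"},
    {"Name": "legacy.example.com.", "Type": "CNAME"}]}

if __name__ == "__main__":
    for name, rtype, set_id in unmanaged_records(STATE, LISTING, ZONE_ID, "example.com"):
        print(f"not in Terraform state: {name} {rtype} {set_id}".rstrip())
```

With real data, load the two JSON documents with json.load and pass them in place of the samples; a non-empty result on a schedule or in CI is the signal that someone changed the zone outside Terraform.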