RDS Deletion Protection

[nomeelnoj]

Current Terraform Version

Terraform v0.11.8

Use-cases

Some companies have trigger happy users, and it would be nice to protect against them by being able to turn on deletion protection for RDS

Attempted Solutions

None

Proposal

Allow terraform users to enable deletion protection. If using terraform to also delete the instance, there could be a "force" command or a user prompt to verify if deletion protection is turned on. If force is true or the user accepts, terraform could turn off deletion protection before destroying. This option is available in the CLI with modify-db-instance [--deletion-protection | --no-deletion-protection]

[kevlened]

I believe prevent_destroy under the lifecycle meta-parameter should prevent deletion. To override it, use a ternary operator on a variable you pass into the configuration.

edit: I see. This is a new AWS feature to prevent deletion, even outside of Terraform.

[bflad]

Support for the new deletion_protection argument was handled in the AWS provider via:

• aws_db_instance: resource/aws_db_instance: Add deletion_protection argument terraform-provider-aws#6011
• aws_rds_cluster: resource/aws_rds_cluster: Add deletion_protection argument terraform-provider-aws#6010

Which were both released yesterday with version 1.39.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.