PaloAltoNetworks / terraform-aws-vmseries-modules

Terraform Reusable Modules for VM-Series on AWS
https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/aws
MIT License

support deletion protection for gateway loadbalancer #334

Closed wouldd closed 1 year ago

wouldd commented 1 year ago

Is your feature request related to a problem?

Not to sound like the person that's paranoid about accidentally deleting things... but having added protection to the firewall instance we noticed that we'd also like to switch it on for the loadbalancer. Currently it's not being specified at all, so it's just defaulting to false at the AWS level.

Describe the solution you'd like

Keep the default false behaviour but expose a variable to allow setting deletion protection on for those that want it. I will create and submit a PR for this behavior, so if you're happy with this option you can just accept the PR.

Describe alternatives you've considered.

As with the instance issue, we could try manually setting it, but that rather defeats the point of using Terraform.

Additional context

It's obviously somewhat less problematic to accidentally delete a loadbalancer than it is to do the same to the firewall itself, but there is always a risk that someone does something subtle in Terraform that causes AWS to decide its only option is to destroy/recreate a resource, and that means messing up any DNS pointing to the LB. I've certainly experienced issues with people not quite noticing that the Terraform plan details are going to recreate something that then has broader impacts. So we'd prefer to have the protection in place.

wouldd commented 1 year ago

Raised https://github.com/PaloAltoNetworks/terraform-aws-vmseries-modules/pull/335 to address this request.

migara commented 1 year ago

Fixed in #335
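
The issue's concern about reviewers missing a destroy/recreate in the plan output can also be checked mechanically. The following is an added example, not part of the thread or the module's code: it scans the JSON form of a plan (`terraform show -json <planfile>`) for destructive changes and reports whether the protection flag was set. The resource addresses and values in the sample are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Resource addresses and values are made up for illustration.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "module.gwlb.aws_lb.this", "type": "aws_lb",
     "change": {"actions": ["delete", "create"],
                "before": {"enable_deletion_protection": false},
                "after": {"enable_deletion_protection": false}}},
    {"address": "module.vmseries.aws_instance.this", "type": "aws_instance",
     "change": {"actions": ["update"],
                "before": {"disable_api_termination": true},
                "after": {"disable_api_termination": true}}},
    {"address": "module.gwlb.aws_lb_target_group.this", "type": "aws_lb_target_group",
     "change": {"actions": ["delete"], "before": {}, "after": null}}
  ]
}
""")

# Attribute that carries deletion/termination protection, per resource type.
PROTECTION_ATTR = {
    "aws_lb": "enable_deletion_protection",
    "aws_instance": "disable_api_termination",
}

def destructive_changes(plan):
    """Return (address, kind, protected) for every change that deletes a resource."""
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "delete" not in actions:
            continue
        # A replace shows up as delete+create (in either order); a plain destroy as delete.
        kind = "replace" if "create" in actions else "destroy"
        attr = PROTECTION_ATTR.get(rc["type"])
        before = rc["change"].get("before") or {}
        # None means this resource type has no protection flag listed above.
        protected = bool(before.get(attr)) if attr else None
        findings.append((rc["address"], kind, protected))
    return findings

if __name__ == "__main__":
    for address, kind, protected in destructive_changes(SAMPLE_PLAN):
        print(f"{kind:8} {address} (protection before change: {protected})")
```

Run as a CI gate, a non-empty result can fail the pipeline so that a replace of the load balancer needs explicit sign-off instead of relying on someone reading the plan closely.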