Describe the issue
Add documentation about removing AWS resources created through Terraform that encounter an explicit deny on deletion due to Service Control Policies (SCPs).
Additional context
Users may encounter situations where Terraform-created AWS resources (such as KMS aliases and CloudWatch log groups) are protected from deletion by SCPs. The solution is to remove these resources from the Terraform state.
Definition of done
[ ] Add a new entry to our public documentation explaining:
The problem: Terraform unable to delete certain AWS resources due to SCPs
The solution: Removing these resources from the Terraform state
Include brief steps on how to remove resources from Terraform state
Describe the issue Add documentation about removing AWS resources created through Terraform that encounter an explicit deny on deletion due to Service Control Policies (SCPs).
Additional context Users may encounter situations where Terraform-created AWS resources (such as KMS aliases and CloudWatch log groups) are protected from deletion by SCPs. The solution is to remove these resources from the Terraform state.
Definition of done