jenkinsci / pipeline-aws-plugin

Jenkins Pipeline Step Plugin for AWS
https://plugins.jenkins.io/pipeline-aws/
Apache License 2.0

Allow Removal of Stack Termination Protection #330

Open IamfromSpace opened 1 month ago

IamfromSpace commented 1 month ago

What feature do you want to see added?

With #85 done, users can now add an enableTerminationProtection flag to cfnUpdate in order to add termination protection on creation. While these stacks can now be created and modified, there's currently no way (that I've seen) that allows automatic cleanup of stacks with this protection enabled. I'd like to add this, so stacks can have termination protection on over their lifetime, but still be managed automatically for deletion.

Upstream changes

No response

Are you interested in contributing this feature?

I'm looking to contribute this feature, and my first question is that of interface. I see three options (and am open to others). My lean is probably towards the first, but they all have some reason for consideration. Curious to get thoughts here, and then I'll take a stab at putting a PR together.

Add cfnUpdateTerminationProtection

This most closely aligns to the AWS APIs, and would enable users to add or remove protection from any stack at any time. It is a bit clunky to add such a special case option as a primary capability.

cfnUpdateTerminationProtection(stack:'my-stack', enableTerminationProtection: false);

Add disableTerminationProtection to cfnDelete

This would mirror the way that stacks can be created with termination protection on. If set, termination protection would be disabled first before deletion. Downsides are that this isn't how the AWS APIs work, and that this might be too easy to do, to the point of going against the spirit of termination protection.

cfnDelete(stack: 'my-stack', disableTerminationProtection: true, pollInterval: 1000, retainResources: ['mylogicalid'], roleArn: 'my-arn', clientRequestToken: 'my-request-token')

Add special behavior for cfnUpdate

Since cfnUpdate already has distinct behavior for when the stack does or does not exist, this would add behavior to notice if the flag was not null against an existing stack, and act accordingly. I don't expect it would support mixing of parameters for normal updates and for termination protection updates. This is how I thought it worked at first read, and there's some advantage to just making this already smart function smarter, but it doesn't match AWS APIs.

cfnUpdate(stack:'my-stack', enableTerminationProtection: false, roleArn: 'arn:aws:iam::123456789012:role/TerminationProtectionAccess')
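As an added illustration (not the plugin's own code, and not part of the issue), this is how the second option above, a disableTerminationProtection flag on cfnDelete, could be implemented against the AWS SDK for Java v1 that pipeline-aws builds on: check the stack's current protection state, lift it only when the caller explicitly asked for that, then delete. The class name ProtectedStackDeleter and its method names are assumptions; the CloudFormation request/response types are the SDK's own.

```java
// Added example, not pipeline-aws-plugin code. Assumes AWS SDK for Java v1.
import java.util.List;

import com.amazonaws.services.cloudformation.AmazonCloudFormation;
import com.amazonaws.services.cloudformation.model.DeleteStackRequest;
import com.amazonaws.services.cloudformation.model.DescribeStacksRequest;
import com.amazonaws.services.cloudformation.model.DescribeStacksResult;
import com.amazonaws.services.cloudformation.model.UpdateTerminationProtectionRequest;

public class ProtectedStackDeleter {
    private final AmazonCloudFormation cfn;

    public ProtectedStackDeleter(AmazonCloudFormation cfn) {
        this.cfn = cfn;
    }

    /** True if the stack currently has termination protection enabled. */
    boolean isProtected(String stackName) {
        DescribeStacksResult res = cfn.describeStacks(
                new DescribeStacksRequest().withStackName(stackName));
        Boolean enabled = res.getStacks().get(0).getEnableTerminationProtection();
        return Boolean.TRUE.equals(enabled);
    }

    /**
     * Deletes the stack. Protection is lifted only when the caller passed
     * disableTerminationProtection: true; otherwise we fail fast with a clear
     * message instead of letting DeleteStack fail with a generic ValidationError.
     */
    public void delete(String stackName, boolean disableTerminationProtection,
                       String roleArn, List<String> retainResources, String clientRequestToken) {
        if (isProtected(stackName)) {
            if (!disableTerminationProtection) {
                throw new IllegalStateException("Stack " + stackName
                        + " has termination protection enabled; pass"
                        + " disableTerminationProtection: true to delete it");
            }
            cfn.updateTerminationProtection(new UpdateTerminationProtectionRequest()
                    .withStackName(stackName)
                    .withEnableTerminationProtection(false));
        }
        // Same optional parameters cfnDelete already accepts.
        DeleteStackRequest req = new DeleteStackRequest().withStackName(stackName);
        if (roleArn != null) req.setRoleARN(roleArn);
        if (retainResources != null && !retainResources.isEmpty()) req.setRetainResources(retainResources);
        if (clientRequestToken != null) req.setClientRequestToken(clientRequestToken);
        cfn.deleteStack(req);
    }
}
```

Keeping the protection check and the explicit flag together in one place makes the audit trail simple: a CloudTrail UpdateTerminationProtection event immediately followed by DeleteStack from the same pipeline role is the expected signature of an intended cleanup, and anything else stands out.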