Termination protection on EC2 instances #395
Comments
|
Well, AWS has other delete protections in place (RDS for example). I could not think of a configuration property which simply says "ignore them" - this would be default off and would need to be enabled per account / nuke-config. @rebuy-de/prp-aws-nuke WDYT? |
|
That hasn't occurred to me, but yeah, a deliberate flag on the nuke-config sounds like a great approach. |
|
I would not like to use flags for this. The reason for this is, that AWS has a plethora of very different services and resources. This means, when we figure out that another resources needs some kind of configuration [1] we would start to add even more flags. IMO this approach would make the whole interface less clear. Instead of adding flags, I would recommend to add this kind of flags directly into the nuke-config. We could add this configs either to the resource level (like filters) or to the resource-types.
I really really really hope that this is not the case anywhere, but I know it is likely to happen somewhere :( [1]: One other example would be to remove S3 buckets without having to delete all objects one-by-one. |
svenwltr
added
kind/enhancement
|
Agreed. I'll take a stab at looking into a config flag from the nuke-config itself. |
|
Solved in #417 |
Disabling termination protection on EC2 instances has been raised in the past (#279, #258), so I'm looking into shimming that in now.
Something I realized while working on it though is that if the tool starts to indiscriminately delete EC2 instances, termination protection or not (by disabling termination protection prior to deletion), it might be plausible that some users may have relied on the tool not deleting protected EC2 instances by now. Suddenly changing that behavior may have catastrophic consequences.
The way I'm approaching the problem now is to have
EC2Instancebe aware of whether or not it's protected, and filter itself out if it is. Easy enough to do that.However, this means that a new flag (
--override-termination-protection?) will be introduced to force deletion, but it seems that there's no way for resources to inspect theNukeparameters of which flags have been set at runtime. It's entirely possible that I'm just missing something here, but forcing this strategy may mean significant changes not warranted by a simple behavior change.Then again, on the other hand, the tool could just be indiscriminate about it, and just not care. Simpler, straightforward, but potentially a catastrophic change.
Thoughts?
The text was updated successfully, but these errors were encountered: