
I'm not familiar with every lifecycle argument but I don't know of any that prevent resources being destroyed if they are removed from the tf file (what the parent was talking about). prevent_destroy, per docs, only applies as long as the resource is defined.

I think the only way to avoid accidentally destroying a resource is to refer to it somewhere else, like in a depends_on array. At least that would block the plan.






> I don't know of any that prevent resources being destroyed if they are removed from the tf file (what the parent was talking about).

Azure Locks (which you can also manage with Terraform), Open Policy Agent, Sentinel rules, etc. will prevent a destroy even if you remove the definition from your Terraform codebase. Again, if you're not operationally mature enough, the problem isn't the tool, it's you.
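
A CI gate in the spirit of the policy checks mentioned in the comment above, as an added example that is not part of the thread: it reads a plan in the JSON form produced by `terraform show -json` and fails when a protected resource type would be deleted or replaced, which covers the case where the resource block was removed from the configuration. The `PROTECTED_TYPES` set, the function names and the sample plan are assumptions constructed for illustration.

```python
import json
import sys

# Assumption: resource types this team treats as never-auto-destroy.
PROTECTED_TYPES = {"aws_db_instance", "aws_s3_bucket", "azurerm_mssql_database"}


def blocked_deletions(plan, protected_types=PROTECTED_TYPES):
    """Return addresses of protected resources the plan would delete or replace."""
    blocked = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        # A resource removed from the .tf files appears with actions ["delete"];
        # a replacement appears as ["delete", "create"] or ["create", "delete"].
        if "delete" in actions and rc.get("type") in protected_types:
            blocked.append(rc["address"])
    return sorted(blocked)


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"format_version": "1.2", "resource_changes": [
  {"address": "aws_db_instance.orders", "type": "aws_db_instance",
   "change": {"actions": ["delete"]}},
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "change": {"actions": ["delete", "create"]}},
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["delete"]}},
  {"address": "aws_db_instance.users", "type": "aws_db_instance",
   "change": {"actions": ["update"]}}
]}
""")


def main(argv):
    # With a path argument, check that plan file; otherwise check the sample.
    if len(argv) > 1:
        with open(argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    blocked = blocked_deletions(plan)
    for address in blocked:
        print(f"BLOCKED: plan destroys protected resource {address}")
    return 1 if blocked else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the check runs on the plan rather than on the configuration, it does not depend on a `lifecycle` block that disappears along with the resource definition.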


"Operationally mature" is code here for "the gun starts out loaded and pointed at your foot". It's fine to point out that that's a suboptimal design for a tool.

> "Operationally mature" is code here for "the gun starts out loaded and pointed at your foot"

No, it's code for "don't build a load bearing bridge if you don't understand structural engineering."

> It's fine to point out that that's a suboptimal design for a tool.

This isn't "suboptimal" though. If you delete a stored procedure in your RDBMS and it causes an outage, it's not because SQL/PostgreSQL is suboptimal. Similarly if you accidentally delete files from your file system, it's not because file systems are "suboptimal". It's because you weren't operationally mature enough to have proper testing and backups in place.


Defaults matter. I don't know how else to express that a system which fails safe in the face of fallible humans is strictly better, all else being equal, than the alternative.

That is the default. Terraform fails safe by not deleting your databases on a whim, it asks for manual confirmation by default.

Unless the resource disappears unexpectedly from the config, in which case it gets deleted. That's the issue.

It doesn't just "get deleted," by default it prompts and warns the user that there is a deletion planned, and the user must manually confirm the deletion. There is no issue.


