Reputation: 57
Oftentimes one must import existing resources into a stack when working with aws-cdk. When we "destroy" the stack, we take it for granted that the existing resources we imported are not deleted along with everything else.
Is it possible to explicitly not destroy a resource during the destroy process?
Upvotes: 3
Views: 5080
Reputation: 1584
Jason Wadsworth gives a good answer above re applyRemovalPolicy().
You can apply policies at the resource level and at the stack level.
You can also take care to set appropriate IAM policies for your users (including perhaps the API user that you use for the cdk) such that they couldn't delete your protected resources even if they wanted to.
You might want to look into the --enable-termination-protection flag supported by aws-cli.
Finally, a cheap and easy way to ensure that a given resource won't get inadvertently deleted that requires minimal aws knowledge + cdk experience is to simply define the resource outside the cdk, e.g. via the console, aws-cli, etc.
Starting out, this might help offer some peace of mind that you or a colleague won't accidentally return something like an EIP to Amazon's pool if, for example, there were a bunch of external dependencies and considerations like whitelists and third-party firewall rules tied to it.
Welcome to StackOverflow, don't forget to "accept" the answer that you feel provides the best solution to your problem :).
Upvotes: 1
Reputation: 8887
Imported resources won't actually be a part of your new stack (i.e. they won't be resources in the generated CloudFormation). So if you are only concerned with those resources you don't need to worry.
If you are wanting to make sure something in the stack is not being deleted when the stack is deleted you can call the applyRemovalPolicy(RemovalPolicy.RETAIN) on the resource.
Upvotes: 4
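
A way to confirm before a destroy that applyRemovalPolicy(RemovalPolicy.RETAIN) took effect, as an added example that is not part of either answer: it audits a synthesized CloudFormation template for resources that are not retained. It assumes a retained resource carries both DeletionPolicy and UpdateReplacePolicy set to Retain; the sample template, resource names and PROTECTED_TYPES list are constructed for illustration.

```python
import json

# Constructed sample of `cdk synth` output (not from the original page).
# An imported resource would not appear under "Resources" at all.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "PublicIp": {
      "Type": "AWS::EC2::EIP",
      "DeletionPolicy": "Retain",
      "UpdateReplacePolicy": "Retain"
    },
    "AuditBucket": {
      "Type": "AWS::S3::Bucket",
      "DeletionPolicy": "Delete",
      "UpdateReplacePolicy": "Delete"
    },
    "OrdersTable": {
      "Type": "AWS::DynamoDB::Table",
      "DeletionPolicy": "Retain"
    },
    "WorkerRole": {"Type": "AWS::IAM::Role"}
  }
}
""")

# Hypothetical list of resource types that must survive a stack deletion.
PROTECTED_TYPES = {"AWS::EC2::EIP", "AWS::S3::Bucket", "AWS::DynamoDB::Table"}


def unprotected_resources(template, protected_types=PROTECTED_TYPES):
    """Return {logical_id: [problems]} for protected-type resources not retained."""
    findings = {}
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") not in protected_types:
            continue
        problems = []
        # An attribute missing from the template is reported as "absent".
        for attr in ("DeletionPolicy", "UpdateReplacePolicy"):
            value = res.get(attr, "absent")
            if value != "Retain":
                problems.append(f"{attr}={value}")
        if problems:
            findings[logical_id] = problems
    return findings


if __name__ == "__main__":
    for logical_id, problems in unprotected_resources(SAMPLE_TEMPLATE).items():
        print(f"{logical_id}: {', '.join(problems)}")
```

Run against the real template from `cdk synth`, a non-empty result can be used to fail a pipeline step before any destroy or replacing update is attempted.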