numerous-energy-27817
02/14/2024, 11:02 AMlively-crayon-44649
02/14/2024, 11:40 AMcommand
resources to run arbitrary commands. To prevent the disaster scenario, you could opt not to provide the delete
command (so that deleting the resource is a no-op -- requires manual clean-up from you), mark the resource as protect: true
so that it's harder to delete it accidentally, or some combination of the two.
Disclaimer: while I've used both Pulumi automation and protected resources, I might be a missing a case where these might not offer the kind of guarantees you are looking for!billions-xylophone-85957
02/14/2024, 11:52 AMechoing-dinner-19531
02/14/2024, 11:15 PMgifted-gigabyte-53859
03/18/2024, 8:07 AMif bootstrap_completed is empty or false {
run bootstrap_database
set secret bootstrap_completed = true // external secret within your environment, e.g. AWS Secrets Manager
}
If I'm not making some kind of huge logic flaw, this will only ever run once
Scenario 1: new stack. Secret doesn't exist yet. bootstrap runs, secret gets set.
Scenario 2: subsequent runs on existing stack. Secret exists and is true. bootstrap doesn't run.