No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

you could also use the protect: true on those things once you're happy with them (<https://www.pulumi.com/docs/intro/concepts/resources/#protect>)

Yeah considered that too. But it's easy to just remove it (though that might not be a refactoring but more deliberate altering)

I'm not sure if you're aware (I wasn't), it's not the same as a terraform `prevent_destroy`, you have to use the CLI to remove it... making it quite useful when combined with users not have access to the CLI

i.e. once you've added it, it's there, you can't just remove the code and it will destroy it.

In Azure I've coupled that with a lock on the resource for extra protection.

I've hit it in CI (which is where I noticed it), but I was using the Azure Blob backend, I'm not sure if that's a nuance of the Azure blob backend though.

<https://www.pulumi.com/docs/reference/cli/pulumi_state_unprotect/>

When you look at the CLI though, it does seem to suggest that it's the only way to remove the protect bit from the state