thousands-hairdresser-72380
03/10/2022, 2:33 PM
`[org]/prod` stack for a project never gets deleted (or has some relatively difficult guard against it)?
billowy-army-68599
thousands-hairdresser-72380
03/10/2022, 3:11 PM
`{ protect: stack === 'prod' }` to every resource we create, right?
And that would prevent its deletion (but not modification?)
But for ECS `TaskDefinition`s which are deleted on each update of the app, we couldn’t add protected there.
Which, if someone did run `pulumi destroy`, it would destroy those (which is still very bad as the app would be down)
The only other solution I could think of here was using the Automation API as a layer to abort if someone is attempting to modify prod locally (not from CI).
I’ve just found that masking functionality with the Automation API provides a slightly less intuitive interface to working with a Pulumi project (especially for developers who are less familiar with Pulumi).
billowy-army-68599
thousands-hairdresser-72380
03/10/2022, 3:17 PM
`protect` property) and in the start have some sort of condition:
```typescript
if (stack === 'prod' && weAreNotInCIorSuperSure()) {
    throw new Error('Updating prod outside of CI is not supported!')
}
```
billowy-army-68599
thousands-hairdresser-72380
03/10/2022, 3:40 PM