How can one ensure that the `[org]/prod` stack for...
# general
t
How can one ensure that the `[org]/prod` stack for a project never gets deleted (or has some relatively difficult guard against it)?
b
@thousands-hairdresser-72380 - you can protect the resources in the stack, is that what you're referring to?
t
If that were the case, that would look like adding `{ protect: stack === 'prod' }` to every resource we create, right? And that would prevent its deletion (but not modification?) But for ECS `TaskDefinition`s which are deleted on each update of the app, we couldn’t add protected there. Which, if someone did run `pulumi destroy`, it would destroy those (which is still very bad as the app would be down) The only other solution I could think of here was using the automation api as a layer to abort if someone is attempting to modify prod locally (not from CI). I’ve just found that masking functionality with the automation API provides a slightly less intuitive interface to working with a Pulumi project (especially for developers who are less familiar with Pulumi).
b
you can easily wrap the automation API into a command line tool which becomes a much more useful interface than any other IaC tool 😄
❤️ 1
t
Cool! So would my assumptions around `protect`ing be correct? And in that way, it would likely be best just to use the automation API (without using the `protect` property) and in the start have some sort of condition:
```
if(stack === 'prod' && weAreNotInCIorSuperSure()) {
  throw new Error('Updating prod outside of CI is not supported!')
}
```
b
yeah don't use the protect property for this, I wasn't aware you only wanted to protect the "prod" stack
I think it's fair to want to protect an entire stack, I'm going to file a feature request for that
looks like Aurel got in ahead of me: https://github.com/pulumi/pulumi/issues/9172
t
Woohoo! Thank you so much! I greatly appreciate your immediate response and action! Have a great day!