Allow for enabling termination protection

[kddejong]

Not sure if protect should do both but it would be nice to have Termination Protection enabled on stacks created and the logic around it when doing a deletion. While Protect kind of works it doesn't protect us for folks outside of stacker

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cloudformation.html#CloudFormation.Client.create_stack

[phobologic]

Thanks for this - it's definitely something we could add. Are you imagining that stacker would add the termination protection, but remove it whenever there is a destroy with --force? Basically this is just a method of keeping people from accidentally deleting stacks manually?

[kddejong]

exactly. I'm cool with the flag being removed (turned off) during a destroy action. Or at least that is what I was going to do with the hooks you provide. So I'm partial to that strategy.

This would be to help prevent anyone accidentally deleting the stack from the console/cli or outside of our stacker automation pipelines.

Thanks.

[phobologic]

Yeah, that sounds good. Probably wouldn't be too hard to deal with either. Could easily see this being the default mode as well.

[ejholmes]

I think having this be a configurable global default would be nice. At Remind, it’d definitely make sense to make this the default for all of our stacks, just for added safety.

I think the difficult thing here for stacker is that this is changed via a separate API call to UpdateTerminationProtection. That’d wreak havic on performance if it were called on every stack update. If we only supported this for newly created stacks, then it’d probably be fine.