Also read – Preventing accidental deletion of resources

Prevent_Destroy in Terraform

Terraform has a few options for detecting and managing drift of resources.

 lifecycle {
    prevent_destroy = true
  }

However, these options only work with terraform – i.e. terraform only prevents and detects it’s own drifts…

Say you mark a resource as prevent_destory, it will respect that. However, it doesn’t stop an admin from deleting the resource through the console (of course, how would it know about that)?

Enter Terraform Refresh

Just need to remember to run refresh every time. From their documentation:

Terraform plan and apply operations run an implicit in-memory refresh as part of their functionality, reconciling any drift from your state file before suggesting infrastructure changes.