Description
Is your feature request related to a problem? Please describe.
We have already checked EnableTerminationProtection for the stack before stack deletion.
But when deleting a stack with EC2, RDS or Cognito resources that have delete protection enabled, the deletion is executed halfway through and then fails on the deletion of that resource, giving an error.
However, it may be a good idea to have a mechanism to check this before performing the deletion.
Describe the solution you'd like
Check resource's deletion (terminate) protection before stack deletion
Additional context
Consider not only checking, but also removing the protection option? (and EnableTerminationProtection for the stack too? Too risky indeed?)
Is this inconsistent with exclusion of the Deletion Policy Retain's resources? Use with this option -f? (#485)
And we should consider which method is better:
- Update the template near the RemoveDeletionPolicy method.
- Call modify API with `--no-deletion-protection` per resource
  - It might be troublesome if there are resources for which there is no way to change only deletion-protection and only an API to update the entire resource exists.
P.S: Log groups update: https://aws.amazon.com/jp/about-aws/whats-new/2025/11/amazon-cloudwatch-deletion-protection-logs/
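
One shape the requested pre-deletion check could take, as an added example that is not part of the original issue or the project's code: it scans a JSON CloudFormation template for EC2, RDS and Cognito resources whose protection property is not explicitly off. The function names and the sample template are assumptions, and it reads the template only, not the live state of each resource.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Template property that enables deletion/termination protection, per resource type.
var protectionProps = map[string]string{
	"AWS::EC2::Instance":     "DisableApiTermination",
	"AWS::RDS::DBInstance":   "DeletionProtection",
	"AWS::Cognito::UserPool": "DeletionProtection",
}

// Constructed sample template, not taken from the issue.
const sampleTemplate = `{"Resources": {
  "Db":   {"Type": "AWS::RDS::DBInstance", "Properties": {"DeletionProtection": true}},
  "Pool": {"Type": "AWS::Cognito::UserPool", "Properties": {"DeletionProtection": "ACTIVE"}},
  "Web":  {"Type": "AWS::EC2::Instance", "Properties": {"DisableApiTermination": false}}
}}`

// isOn fails safe: any value that is set and not explicitly off (including an
// unresolved intrinsic such as a Ref object) counts as protected.
func isOn(v interface{}) bool {
	return v != nil && v != false && v != "false" && v != "INACTIVE"
}

// ProtectedResources returns the sorted logical IDs that would block stack deletion.
func ProtectedResources(body []byte) ([]string, error) {
	var t struct {
		Resources map[string]struct {
			Type       string
			Properties map[string]interface{}
		}
	}
	if err := json.Unmarshal(body, &t); err != nil {
		return nil, fmt.Errorf("parse template: %w", err)
	}
	ids := []string{}
	for id, r := range t.Resources {
		if p, ok := protectionProps[r.Type]; ok && isOn(r.Properties[p]) {
			ids = append(ids, id)
		}
	}
	sort.Strings(ids)
	return ids, nil
}

func main() { fmt.Println(ProtectedResources([]byte(sampleTemplate))) }
```

Running the check before any delete call lets the tool report every protected resource up front instead of failing partway through the stack.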