EPBR-3910 feat: added do not destroy to resources

service-infrastructure/application/alb-internal.tf

@@ -20,6 +20,11 @@ resource "aws_lb" "internal" {
   }
 
   enable_deletion_protection = false
+
+  lifecycle {
+    prevent_destroy = true
+  }
+
 }
 
 resource "aws_lb_target_group" "internal" {

service-infrastructure/application/ecs.tf

@@ -6,6 +6,10 @@ locals {
 
 resource "aws_ecs_cluster" "this" {
   name = "${var.prefix}-cluster"
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "aws_ecs_task_definition" "this" {
@@ -113,6 +117,10 @@ resource "aws_ecs_task_definition" "this" {
     operating_system_family = "LINUX"
     cpu_architecture        = "X86_64"
   }
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "aws_ecs_task_definition" "exec_cmd_task" {
@@ -210,7 +218,9 @@ resource "aws_ecs_service" "this" {
   }
 
   lifecycle {
-    ignore_changes = [desired_count]
+    ignore_changes  = [desired_count]
+    prevent_destroy = true
+
   }
 
   force_new_deployment = true

service-infrastructure/application/front_door/alb.tf

@@ -13,6 +13,10 @@ resource "aws_lb" "public" {
   }
 
   enable_deletion_protection = false
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "aws_lb_target_group" "public" {
@@ -99,11 +103,6 @@ resource "aws_lb_listener" "public_https" {
   }
 }
 
-#To enable traffic to bypass the CDN update the condition to allow all
-#e.g.no
-#  path_pattern {
-#    values = ["/*"]
-#  }
 
 resource "aws_lb_listener_rule" "forward_cdn" {
   listener_arn = aws_lb_listener.public_https.arn

service-infrastructure/application/front_door/cdn.tf

@@ -74,10 +74,14 @@ resource "aws_cloudfront_distribution" "cdn" {
     Name    = "CDN Distribution"
     Address = each.value
   }
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "aws_cloudfront_origin_request_policy" "cdn" {
-  name    = "${var.prefix}-cdn-origin-request-policy" # TODO use the var.prefix - check top level vars
+  name    = "${var.prefix}-cdn-origin-request-policy"
   comment = "Origin request policy for the CDN distribution"
 
   cookies_config {

service-infrastructure/aurora_rds/database.tf

@@ -30,4 +30,8 @@ resource "aws_rds_cluster_instance" "this" {
   engine                       = aws_rds_cluster.this.engine
   engine_version               = aws_rds_cluster.this.engine_version
   preferred_maintenance_window = count.index == 0 ? "Sun:01:01-Sun:02:01" : "Sun:02:02-Sun:03:02"
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }

service-infrastructure/aurora_rds/policy.tf

@@ -12,4 +12,8 @@ resource "aws_iam_policy" "rds" {
       }
     ]
   })
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }

service-infrastructure/elasticache/redis.tf

@@ -22,6 +22,10 @@ resource "aws_elasticache_cluster" "redis" {
     log_format       = "json"
     log_type         = "slow-log"
   }
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "aws_elasticache_subnet_group" "this" {

service-infrastructure/networking/routing.tf

@@ -1,22 +1,38 @@
 resource "aws_route_table" "public" {
   vpc_id = aws_vpc.this.id
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "aws_route" "public" {
   route_table_id         = aws_route_table.public.id
   destination_cidr_block = "0.0.0.0/0"
   gateway_id             = aws_internet_gateway.this.id
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "aws_route_table_association" "public" {
   count          = length(aws_subnet.public)
   subnet_id      = element(aws_subnet.public[*].id, count.index)
   route_table_id = aws_route_table.public.id
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "aws_route_table" "private" {
   count  = length(aws_subnet.private)
   vpc_id = aws_vpc.this.id
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 
@@ -25,19 +41,31 @@ resource "aws_route" "private" {
   route_table_id         = element(aws_route_table.private[*].id, count.index)
   destination_cidr_block = "0.0.0.0/0"
   nat_gateway_id         = element(aws_nat_gateway.this[*].id, count.index)
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 
 resource "aws_route_table_association" "private" {
   count          = length(aws_subnet.private)
   subnet_id      = element(aws_subnet.private[*].id, count.index)
   route_table_id = element(aws_route_table.private[*].id, count.index)
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 
 resource "aws_route_table" "private_db" {
   count  = length(aws_subnet.private_db)
   vpc_id = aws_vpc.this.id
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 
@@ -46,12 +74,20 @@ resource "aws_route" "private_db" {
   route_table_id         = element(aws_route_table.private_db[*].id, count.index)
   destination_cidr_block = "0.0.0.0/0"
   nat_gateway_id         = element(aws_nat_gateway.this[*].id, count.index)
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "aws_route_table_association" "private_db" {
   count          = length(aws_subnet.private_db)
   subnet_id      = element(aws_subnet.private_db[*].id, count.index)
   route_table_id = element(aws_route_table.private_db[*].id, count.index)
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 

service-infrastructure/rds/policy.tf

@@ -12,4 +12,8 @@ resource "aws_iam_policy" "rds" {
       }
     ]
   })
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }

service-infrastructure/waf/waf.tf

@@ -141,6 +141,10 @@ resource "aws_wafv2_web_acl" "this" {
     metric_name                = "waf-metrics"
     sampled_requests_enabled   = false
   }
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "aws_wafv2_ip_set" "allowed_ip_addresses" {