npm - @go-to-k/cdkd - Versions diffs - 0.57.1 → 0.59.0 - Mend

@go-to-k/cdkd 0.57.1 → 0.59.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +62 -0
package/dist/cli.js +925 -72
package/dist/cli.js.map +4 -4
package/dist/go-to-k-cdkd-0.59.0.tgz +0 -0
package/dist/index.js +4 -1
package/dist/index.js.map +2 -2
package/package.json +3 -2
package/dist/go-to-k-cdkd-0.57.1.tgz +0 -0

package/README.md CHANGED Viewed

@@ -487,6 +487,68 @@ Two `orphan` variants at different granularities:
 Both `cdkd destroy` (synth-driven) and `cdkd state destroy`
 (state-driven, no synth) delete AWS resources + state.
+## Stack termination protection
+CDK's `new Stack(app, 'X', { terminationProtection: true })` is
+honored by `cdkd destroy` and `cdkd destroy --all`. A protected
+stack is refused before the lock is acquired and before any
+per-resource delete runs; in `--all` runs sibling unprotected
+stacks still destroy and the protected ones contribute to the
+partial-failure exit code 2.
+Bypass workflow:
+1. Edit the CDK code to set `terminationProtection: false`.
+2. Redeploy: `cdkd deploy MyStack`.
+3. Retry: `cdkd destroy MyStack`.
+`cdkd state destroy` (state-only, no synth) does **not** honor
+`terminationProtection` — the flag is a CDK property surfaced via
+synth and is not stored in cdkd's state.json. Use `cdkd destroy`
+when synth is available, or accept that `state destroy` is the
+explicit "I know what I'm doing, ignore CDK guards" escape hatch.
+### `--remove-protection`: one-shot bypass for protected resources
+`cdkd destroy --remove-protection` and `cdkd state destroy
+--remove-protection` flip every protection flag off in-place
+before each provider's delete API call so the destroy proceeds
+without an intermediate edit / redeploy. The flag covers both
+stack-level `terminationProtection` (the bypass logs a WARN line
+naming the stack) and resource-level protection on the following
+types:
+| Resource type | Protection field |
+| --- | --- |
+| `AWS::Logs::LogGroup` | `DeletionProtectionEnabled` |
+| `AWS::RDS::DBInstance` | `DeletionProtection` |
+| `AWS::RDS::DBCluster` | `DeletionProtection` |
+| `AWS::DynamoDB::Table` | `DeletionProtectionEnabled` |
+| `AWS::EC2::Instance` | `DisableApiTermination` |
+| `AWS::ElasticLoadBalancingV2::LoadBalancer` | attribute `deletion_protection.enabled` |
+| `AWS::Cognito::UserPool` | `DeletionProtection` (`ACTIVE` / `INACTIVE`) |
+| `AWS::AutoScaling::AutoScalingGroup` | `DeletionProtection` (`none` / `prevent-force-deletion` / `prevent-all-deletion`) — flag also sets `ForceDelete: true` so AWS terminates running instances as part of the delete |
+The flip-off call is idempotent — providers always issue it when
+the flag is set, regardless of whether the resource currently has
+protection on. This is per-PR-level: a single `--remove-protection`
+covers every protection-bearing type listed above; there is no
+per-type variant.
+The interactive confirmation prompt is updated when the flag is
+set: `About to destroy N resources from stack "X", REMOVING
+DELETION PROTECTION on K of them. Continue? (y/N)`. The default
+flips from `Y/n` to `y/N` so the destructive bypass requires an
+explicit `y` / `yes`. `--yes` / `-y` / `-f` skips the prompt.
+Other protected resource types (CloudFront Distributions, Lambda
+function reserved concurrency, S3 bucket retention, etc.) are
+out of scope — the flag list is curated to the cases where AWS
+exposes a synchronous "flip protection off" API call.
+`cdkd diff` (read-only) and `cdkd deploy` (forward-only) are
+unaffected — only destroy is gated.
 ## `publish-assets`: synth + build + publish, no deploy
 `cdkd publish-assets` runs the asset half of the deploy pipeline