@go-to-k/cdkd 0.58.0 → 0.59.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +37 -2
- package/dist/cli.js +903 -74
- package/dist/cli.js.map +4 -4
- package/dist/go-to-k-cdkd-0.59.0.tgz +0 -0
- package/dist/index.js.map +2 -2
- package/package.json +3 -2
- package/dist/go-to-k-cdkd-0.58.0.tgz +0 -0
package/README.md
CHANGED
|
@@ -508,8 +508,43 @@ synth and is not stored in cdkd's state.json. Use `cdkd destroy`
|
|
|
508
508
|
when synth is available, or accept that `state destroy` is the
|
|
509
509
|
explicit "I know what I'm doing, ignore CDK guards" escape hatch.
|
|
510
510
|
|
|
511
|
-
|
|
512
|
-
|
|
511
|
+
### `--remove-protection`: one-shot bypass for protected resources
|
|
512
|
+
|
|
513
|
+
`cdkd destroy --remove-protection` and `cdkd state destroy
|
|
514
|
+
--remove-protection` flip every protection flag off in-place
|
|
515
|
+
before each provider's delete API call so the destroy proceeds
|
|
516
|
+
without an intermediate edit / redeploy. The flag covers both
|
|
517
|
+
stack-level `terminationProtection` (the bypass logs a WARN line
|
|
518
|
+
naming the stack) and resource-level protection on the following
|
|
519
|
+
types:
|
|
520
|
+
|
|
521
|
+
| Resource type | Protection field |
|
|
522
|
+
| --- | --- |
|
|
523
|
+
| `AWS::Logs::LogGroup` | `DeletionProtectionEnabled` |
|
|
524
|
+
| `AWS::RDS::DBInstance` | `DeletionProtection` |
|
|
525
|
+
| `AWS::RDS::DBCluster` | `DeletionProtection` |
|
|
526
|
+
| `AWS::DynamoDB::Table` | `DeletionProtectionEnabled` |
|
|
527
|
+
| `AWS::EC2::Instance` | `DisableApiTermination` |
|
|
528
|
+
| `AWS::ElasticLoadBalancingV2::LoadBalancer` | attribute `deletion_protection.enabled` |
|
|
529
|
+
| `AWS::Cognito::UserPool` | `DeletionProtection` (`ACTIVE` / `INACTIVE`) |
|
|
530
|
+
| `AWS::AutoScaling::AutoScalingGroup` | `DeletionProtection` (`none` / `prevent-force-deletion` / `prevent-all-deletion`) — flag also sets `ForceDelete: true` so AWS terminates running instances as part of the delete |
|
|
531
|
+
|
|
532
|
+
The flip-off call is idempotent — providers always issue it when
|
|
533
|
+
the flag is set, regardless of whether the resource currently has
|
|
534
|
+
protection on. This is per-PR-level: a single `--remove-protection`
|
|
535
|
+
covers every protection-bearing type listed above; there is no
|
|
536
|
+
per-type variant.
|
|
537
|
+
|
|
538
|
+
The interactive confirmation prompt is updated when the flag is
|
|
539
|
+
set: `About to destroy N resources from stack "X", REMOVING
|
|
540
|
+
DELETION PROTECTION on K of them. Continue? (y/N)`. The default
|
|
541
|
+
flips from `Y/n` to `y/N` so the destructive bypass requires an
|
|
542
|
+
explicit `y` / `yes`. `--yes` / `-y` / `-f` skips the prompt.
|
|
543
|
+
|
|
544
|
+
Other protected resource types (CloudFront Distributions, Lambda
|
|
545
|
+
function reserved concurrency, S3 bucket retention, etc.) are
|
|
546
|
+
out of scope — the flag list is curated to the cases where AWS
|
|
547
|
+
exposes a synchronous "flip protection off" API call.
|
|
513
548
|
|
|
514
549
|
`cdkd diff` (read-only) and `cdkd deploy` (forward-only) are
|
|
515
550
|
unaffected — only destroy is gated.
|
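Review bot: The new section (README lines 513-516) says the flag flips protection off "before each provider's delete API call" but does not say what happens when that delete then fails or the run is interrupted; as described, the resource would stay in place with its deletion protection already removed. Document that outcome and say whether cdkd restores the flag or the operator has to re-enable it. Line 542 lets `--yes` / `-y` / `-f` skip the prompt, so the `y/N` default gives no guard in non-interactive runs, and the README mentions a WARN line only for the stack-level `terminationProtection` bypass (line 517); say whether resource-level flips are logged as well. "This is per-PR-level" on line 534 reads like wording carried over from the pull request; something like "The flag is all-or-nothing" would match what the rest of the sentence says. The `ForceDelete: true` side effect for `AWS::AutoScaling::AutoScalingGroup` (line 530) is easy to miss inside a table cell and would be clearer as its own sentence below the table.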