[CLI] Record any changes in stack termination protection flag as an event in the stack itself

[idclipr]

Record any changes in stack termination protection flag as an event in the stack itself.

Use Case

Currently cdk bootstrap command enables and disables the termination protection flag based on the presence or absence of the --termination-protection option in the command line. Users can also modify that flag in AWS Console at any time.

However, this change does not have any audit record and it's impossible to understand when/why/by whom the flag setting have changed.

Proposed Solution

Add a "stack event" for the termination protection flag change so that it shows up in "Events" in AWS Console.

Other

This is somewhat a follow-up to #9002 and subsequent #10091, so it can be considered a bug of how the flag was implemented to begin with (and not a new "feature").

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

---

This is a 🚀 Feature Request but could be viewed as a bug of the initial implementation

[rix0rrr]

We don't have the power to make those changes in the AWS Console. But CloudTrail has a full record of all API calls done to any service so it will show up there.

[SomayaB]

Closing this issue since there doesn't seem to be anything actionable for the cdk. Feel free to reopen.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.