aws · mergify · Jul 11, 2020 · Jul 10, 2020 · Jul 10, 2020 · Jul 11, 2020
diff --git a/packages/aws-cdk/README.md b/packages/aws-cdk/README.md
@@ -250,6 +250,9 @@ $ # Deploys only to environments foo and bar
 $ cdk bootstrap --app='node bin/main.js' foo bar
 ```
 
+By default, bootstrap stack will be protected from stack termination. This can be disabled using 
+`--termination-protection` argument.
+
 #### `cdk doctor`
 Inspect the current command-line environment and configurations, and collect information that can be useful for
 troubleshooting problems. It is usually a good idea to include the information provided by this command when submitting

diff --git a/packages/aws-cdk/bin/cdk.ts b/packages/aws-cdk/bin/cdk.ts
@@ -75,7 +75,8 @@ async function parseCommandLineArguments() {
       .option('execute', {type: 'boolean', desc: 'Whether to execute ChangeSet (--no-execute will NOT execute the ChangeSet)', default: true})
       .option('trust', { type: 'array', desc: 'The AWS account IDs that should be trusted to perform deployments into this environment (may be repeated)', default: [], nargs: 1, requiresArg: true, hidden: true })
       .option('cloudformation-execution-policies', { type: 'array', desc: 'The Managed Policy ARNs that should be attached to the role performing deployments into this environment. Required if --trust was passed (may be repeated)', default: [], nargs: 1, requiresArg: true, hidden: true })
-      .option('force', { alias: 'f', type: 'boolean', desc: 'Always bootstrap even if it would downgrade template version', default: false }),
+      .option('force', { alias: 'f', type: 'boolean', desc: 'Always bootstrap even if it would downgrade template version', default: false })
+      .option('termination-protection', { type: 'boolean', default: true, desc: 'Toggle CloudFormation termination protection on the bootstrap stacks' }),
     )
     .command('deploy [STACKS..]', 'Deploys the stack(s) named STACKS into your AWS account', yargs => yargs
       .option('build-exclude', { type: 'array', alias: 'E', nargs: 1, desc: 'Do not rebuild asset with the given ID. Can be specified multiple times.', default: [] })
@@ -253,6 +254,7 @@ async function initCommandLine() {
             execute: args.execute,
             trustedAccounts: args.trust,
             cloudFormationExecutionPolicies: args.cloudformationExecutionPolicies,
+            terminationProtection: args.terminationProtection,
           });
 
       case 'deploy':

diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts b/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts
@@ -14,7 +14,7 @@ import { legacyBootstrapTemplate } from './legacy-template';
  *
  * @experimental
  */
-export async function bootstrapEnvironment(environment: cxapi.Environment, sdkProvider: SdkProvider, options: BootstrapEnvironmentOptions): Promise<DeployStackResult> {
+export async function bootstrapEnvironment(environment: cxapi.Environment, sdkProvider: SdkProvider, options: BootstrapEnvironmentOptions = {}): Promise<DeployStackResult> {
   const params = options.parameters ?? {};
 
   if (params.trustedAccounts?.length) {
@@ -43,7 +43,7 @@ export async function bootstrapEnvironment(environment: cxapi.Environment, sdkPr
 export async function bootstrapEnvironment2(
   environment: cxapi.Environment,
   sdkProvider: SdkProvider,
-  options: BootstrapEnvironmentOptions): Promise<DeployStackResult> {
+  options: BootstrapEnvironmentOptions = {}): Promise<DeployStackResult> {
 
   const params = options.parameters ?? {};
 

diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-props.ts b/packages/aws-cdk/lib/api/bootstrap/bootstrap-props.ts
@@ -77,4 +77,11 @@ export interface BootstrappingParameters {
    * @default true
    */
   readonly publicAccessBlockConfiguration?: boolean;
+
+  /**
+   * Whether the stacks created by the bootstrap process should be protected from termination.
+   * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
+   * @default true
+   */
+  readonly terminationProtection?: boolean;
 }
diff --git a/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts b/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts
@@ -39,6 +39,7 @@ export async function deployBootstrapStack(
     environment: cxapi.EnvironmentUtils.format(environment.account, environment.region),
     properties: {
       templateFile,
+      terminationProtection: options.parameters?.terminationProtection ?? true,
     },
   });
 

diff --git a/packages/aws-cdk/test/api/bootstrap.test.ts b/packages/aws-cdk/test/api/bootstrap.test.ts
@@ -11,11 +11,13 @@ const env = {
 
 let sdk: MockSdkProvider;
 let executed: boolean;
+let protectedTermination: boolean;
 let cfnMocks: jest.Mocked<SyncHandlerSubsetOf<AWS.CloudFormation>>;
 let changeSetTemplate: any | undefined;
 beforeEach(() => {
   sdk = new MockSdkProvider();
   executed = false;
+  protectedTermination = false;
 
   cfnMocks = {
     describeStacks: jest.fn()
@@ -47,6 +49,10 @@ beforeEach(() => {
       return {};
     }),
     deleteStack: jest.fn(),
+    updateTerminationProtection: jest.fn(() => {
+      protectedTermination = true;
+      return {};
+    }),
   };
   sdk.stubCloudFormation(cfnMocks);
 });
@@ -254,4 +260,26 @@ test('even if the bootstrap stack failed to create, can still retry bootstrappin
   expect(ret.noOp).toBeFalsy();
   expect(executed).toBeTruthy();
   expect(cfnMocks.deleteStack).toHaveBeenCalled();
+});
+
+test('stacks are termination protected by default', async () => {
+  // WHEN
+  await bootstrapEnvironment(env, sdk);
+
+  // THEN
+  expect(executed).toBeTruthy();
+  expect(protectedTermination).toBeTruthy();
+});
+
+test('termination protected is turned off when unset', async () => {
+  // WHEN
+  await bootstrapEnvironment(env, sdk, {
+    parameters: {
+      terminationProtection: false,
+    },
+  });
+
+  // THEN
+  expect(executed).toBeTruthy();
+  expect(protectedTermination).toBeFalsy();
 });
diff --git a/packages/aws-cdk/test/api/bootstrap2.test.ts b/packages/aws-cdk/test/api/bootstrap2.test.ts
@@ -116,6 +116,30 @@ describe('Bootstrapping v2', () => {
     ]);
   });
 
+  test('stacks are termination protected by default', async () => {
+    await bootstrapEnvironment2(env, sdk);
+
+    expect(mockDeployStack).toHaveBeenCalledWith(expect.objectContaining({
+      stack: expect.objectContaining({
+        terminationProtection: true,
+      }),
+    }));
+  });
+
+  test('termination protected is turned off when unset', async () => {
+    await bootstrapEnvironment2(env, sdk, {
+      parameters: {
+        terminationProtection: false,
+      },
+    });
+
+    expect(mockDeployStack).toHaveBeenCalledWith(expect.objectContaining({
+      stack: expect.objectContaining({
+        terminationProtection: false,
+      }),
+    }));
+  });
+
   afterEach(() => {
     mockDeployStack.mockClear();
   });