feat(core): set (default) stack termination protection on (parent) stage level

packages/@aws-cdk-testing/framework-integ/test/core/test/integ.stage-termination-protection.ts

@@ -0,0 +1,12 @@
+import * as cdk from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+
+/**
+ * This test creates a stack and sets its termination protection via stage.
+ */
+
+const app = new cdk.App();
+const stage = new cdk.Stage(app, 'Stage', { terminationProtection: true });
+const stack = new cdk.Stack(stage, 'Stack');
+
+new IntegTest(app, 'stack', { testCases: [stack] });

packages/aws-cdk-lib/core/lib/stack.ts

@@ -147,7 +147,8 @@ export interface StackProps {
   /**
    * Whether to enable termination protection for this stack.
    *
-   * @default false
+   * @default - The termination protection of the containing 
+   * `Stage` if available, otherwise `false`.
    */
   readonly terminationProtection?: boolean;
 
@@ -434,7 +435,10 @@ export class Stack extends Construct implements ITaggable {
     this.account = account;
     this.region = region;
     this.environment = environment;
-    this._terminationProtection = props.terminationProtection ?? false;
+
+    const parentStage = Stage.of(this);
+
+    this._terminationProtection = props.terminationProtection ?? parentStage?.terminationProtection ?? false;
 
     if (props.description !== undefined) {
       // Max length 1024 bytes

packages/aws-cdk-lib/core/lib/stage.ts

@@ -43,6 +43,13 @@ export interface StageProps {
    */
   readonly env?: Environment;
 
+  /**
+   * Whether to enable termination protection for stacks in this stage.
+   * 
+   * @default - The termination protection should be configured on the `Stack`s. 
+   */
+  readonly terminationProtection?: boolean;
+
   /**
    * The output directory into which to emit synthesized artifacts.
    *
@@ -121,6 +128,11 @@ export class Stage extends Construct {
    */
   public readonly account?: string;
 
+  /**
+   * The default termination protection setting for all stacks in this stage.
+   */
+  public readonly terminationProtection?: boolean;
+
   /**
    * The cloud assembly builder that is being used for this App
    *
@@ -167,6 +179,7 @@ export class Stage extends Construct {
 
     this.region = props.env?.region ?? this.parentStage?.region;
     this.account = props.env?.account ?? this.parentStage?.account;
+    this.terminationProtection = props.terminationProtection ?? this.parentStage?.terminationProtection;
 
     props.permissionsBoundary?._bind(this);
 

packages/aws-cdk-lib/core/test/stack.test.ts

@@ -2112,6 +2112,32 @@ describe('stack', () => {
     expect(artifact.terminationProtection).toEqual(false);
   });
 
+  test('Set termination protection to true via parent Stage', () => {
+    // if the root is an app, invoke "synth" to avoid double synthesis
+    const app = new App();
+    const stage = new Stage(app, 'Stage', { terminationProtection: true });
+    const stack = new Stack(stage, 'Stack', {});
+
+    const assembly = app.synth();
+    const artifact = assembly.getStackArtifact(stack.artifactId);
+
+    expect(artifact.terminationProtection).toEqual(true);
+  });
+
+  test('Override parent Stage termination protection', () => {
+    // if the root is an app, invoke "synth" to avoid double synthesis
+    const app = new App();
+    const stage = new Stage(app, 'Stage', { terminationProtection: true });
+    const stack = new Stack(stage, 'Stack', {});
+
+    stack.terminationProtection = false;
+
+    const assembly = app.synth();
+    const artifact = assembly.getStackArtifact(stack.artifactId);
+
+    expect(artifact.terminationProtection).toEqual(false);
+  });
+
   test('context can be set on a stack using a LegacySynthesizer', () => {
     // WHEN
     const stack = new Stack(undefined, undefined, {

packages/aws-cdk-lib/core/test/stage.test.ts

@@ -335,6 +335,64 @@ describe('stage', () => {
     expect(Stage.isStage(app)).toEqual(true);
     expect(Stage.isStage(externalStage)).toEqual(true);
   });
+
+  test('Stack inherits termination protection from Stage', () => {
+    // GIVEN
+    const app = new App();
+    const stage = new Stage(app, 'Stage', {
+      terminationProtection: true,
+    });
+
+    // WHEN
+    const stack1 = new Stack(stage, 'Stack1');
+
+    // THEN
+    expect(stack1.terminationProtection).toEqual(true);
+  });
+
+  test('Stack can override termination protection from Stage', () => {
+    // GIVEN
+    const app = new App();
+    const stage = new Stage(app, 'Stage', {
+      terminationProtection: true,
+    });
+
+    // WHEN
+    const stack1 = new Stack(stage, 'Stack1', { terminationProtection: false });
+
+    // THEN
+    expect(stack1.terminationProtection).toEqual(false);
+  });
+
+  test('termination protection is inherited deeply', () => {
+    // GIVEN
+    const app = new App();
+    const outer = new Stage(app, 'Stage', {
+      terminationProtection: true,
+    });
+
+    // WHEN
+    const inner = new Stage(outer, 'Acct');
+
+    // THEN
+    expect(inner.terminationProtection).toEqual(true);
+    expect(new Stack(inner, 'Stack').terminationProtection).toEqual(true);
+  });
+
+  test('termination protection can be overridden in inner stage', () => {
+    // GIVEN
+    const app = new App();
+    const outer = new Stage(app, 'Stage', {
+      terminationProtection: false,
+    });
+
+    // WHEN
+    const inner = new Stage(outer, 'Acct', { terminationProtection: true });
+
+    // THEN
+    expect(inner.terminationProtection).toEqual(true);
+    expect(new Stack(inner, 'Stack').terminationProtection).toEqual(true);
+  });
 });
 
 test('missing context in Stages is propagated up to root assembly', () => {