Setting environment tag to PROD doesn't provide delete protection at the backend level

[dennisameling]

Version 1.11.0 of the Timescale Terraform provider introduced support for setting environment tags on services (DEV or PROD).

However, when creating a service like this, setting the environment tag to PROD:

resource "timescale_service" "database" {
  name        = "test-db"
  milli_cpu   = 500
  memory_gb   = 2
  region_code = "us-west-2"
  environment_tag = "PROD"
}

... then commenting it out, it deletes the database without any sort of warning or block:

timescale_service.database: Destroying... [id=e48y08rr3r]
timescale_service.database: Destruction complete after 0s

Apply complete! Resources: 0 added, 0 changed, 1 destroyed.

This is inconsistent with the Timescale UI, which does have the delete protection:

Workaround

Adding this to the Terraform resource ensures that there's delete protection at the Terraform level:

  lifecycle {
    prevent_destroy = true
  }

Related resources

• The aws_db_instance Terraform resource has an argument called deletion_protection which activates Deletion Protection at the backend level, so it works across their UIs and APIs.
• The aws_cognito_user_pool Terraform resource also has an deletion_protection argument that does the exact same at the backend level.