Cluster Termination Protection
It is possible to quickly delete an entire cluster, for example through terraform, if you're not careful.
It would be great to have a "Termination Protection" feature that can only be disabled in the Admin UI and not via the public APIs.
In terraform I could then enable it like so:
resource "mongodbatlas_cluster" "my_cluster" {
  enable_delete_protection = true
}
When I would run terraform destroy, the cluster should not be destroyed and instead the API returns an error saying that the Cluster has Termination Protection enabled. If I want to disable it, I can log in to the Admin UI, select the cluster, then click "Disable Termination Protection" somewhere.
AWS has a similar feature where EC2 instances can have Termination Protection enabled. With Termination Protection enabled they cannot be deleted through code, even CloudFormation will throw an issue.
You can now set "Termination Protection" for your Atlas cluster. For more information, see https://www.mongodb.com/docs/atlas/cluster-additional-settings/#termination-protection
-
Eli commented
AFAIU, this feature is out already. I see it on my cluster.
-
Renato Cunha commented
This is very important to protect a business and a professional.
-
Carlos commented
IMO, everything about changes that affect a full project should be protected.
Like dropping or changing permissions for a user
Or any modification to the network setup.
These types of changes could represent an outage if not done carefully.
-
Gaurav commented
This is extremely critical for us as deleting a cluster will remove snapshots.
-
Ralph commented
Hi - this in my opinion is critical. We have just had an issue on a development environment where terraform performed a drop and recreate moving from an M5 to an M10. Not only is there no final snapshot, the cluster backups are not available post upgrade.
Doing an upgrade in the UI and then reflecting the change back into TF does a data migration but this behaviour could really be dangerous.
-
Bruno commented
Hi,
We had a big availability problem due to that missing feature.
We have been using Atlas Mongo for some years. Our environment at other Cloud (AWS) is 100% created with Terraform.
We started the project to incorporate Atlas Mongo into our Terraform scripts / state.
To do that we used the Terraform tag prevent_delete = True.
But when we tried to incorporate 3 clusters, Terraform deleted them and all data and created a new one.
It was a catastrophe for us.
There is no panel button to restore it (as we have at AWS restoring snapshots).
We had to use Atlas Mongo Support to restore. We stayed more than 24h without these clusters. Atlas Mongo does not have "Cluster Termination Protection", especially through API / Terraform.
It should be the top priority feature for Atlas. Protecting customer data and availability should always be the top priority.
-
Christian commented
This request should be tagged with terraform-atlasdb-plugin.
-
Christian commented
I would like to suggest a supplement to this feature request.
There should also be a flag to deny the deletion of backups. A change of encryption or cluster termination will also delete backups as described in your documentation.
There should also be a flag to deny this.
Another idea would be an explicit DenyPolicy, where a user with the ProjectOwner role is also denied to delete backups.
-
Hi Kevin,
This is definitely a good idea, particularly for programmatic use cases like Terraform where our built-in UI safeguards (big red warning, clear naming for what you're deleting, plus a requirement that you type in the name of the cluster to confirm you want to delete it) aren't applicable.
I think we need to also look at this problem holistically over time: it's important to use role based access control to isolate your programmatic API keys to appropriate environments and run end to end tests before moving to Prod. That's not to say we shouldn't also build in other safeguards over time.
Thanks for filing
-Andrew
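
A pipeline guard against the delete-and-recreate behaviour reported in the comments above, as an added example that is not part of the original thread and not MongoDB's or HashiCorp's code: it reads the JSON form of a Terraform plan (as produced by terraform show -json) and fails when a cluster resource would be deleted or replaced. The mongodbatlas_advanced_cluster type, the function names and the sample plan are assumptions constructed for illustration.

```python
import json
import sys

# Resource types to guard. mongodbatlas_cluster is the type named in the post;
# mongodbatlas_advanced_cluster is an assumption added for this example.
GUARDED_TYPES = {"mongodbatlas_cluster", "mongodbatlas_advanced_cluster"}

def destructive_changes(plan):
    """Return (address, kind) for guarded resources the plan deletes or replaces."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in GUARDED_TYPES:
            continue
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue  # create, update, read and no-op leave the data in place
        # A replacement appears as delete+create (either order) in the plan JSON.
        kind = "replace" if "create" in actions else "delete"
        findings.append((rc["address"], kind))
    return findings

# Constructed sample in the shape of `terraform show -json plan.out` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "mongodbatlas_cluster.my_cluster", "type": "mongodbatlas_cluster",
   "change": {"actions": ["delete", "create"]}},
  {"address": "mongodbatlas_cluster.reporting", "type": "mongodbatlas_cluster",
   "change": {"actions": ["update"]}},
  {"address": "mongodbatlas_database_user.app", "type": "mongodbatlas_database_user",
   "change": {"actions": ["delete"]}},
  {"address": "mongodbatlas_cluster.legacy", "type": "mongodbatlas_cluster",
   "change": {"actions": ["delete"]}}
]}
""")

def main(argv):
    """Check the plan file given as argv[1], or the constructed sample if none."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    findings = destructive_changes(plan)
    for address, kind in findings:
        print(f"BLOCKED: {address} would be destroyed ({kind})")
    return 1 if findings else 0  # non-zero exit stops the pipeline before apply

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it between terraform plan -out and terraform apply; the check is independent of whether Termination Protection is enabled on the cluster itself.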