The Deletion Protection Discipline Across Resources

Most accidental deletions could have been prevented. The protection model and which resources should be protected by default.

Default-protect

Production databases, S3 buckets with customer data, IAM policies.

IaC enforces the protection. Manual deletion requires explicit unprotect step.

Engineering escape

Engineers can unprotect for migration. Logged; reviewed; re-protected after.

The friction is the point.

Recovery if unprotected

Backup retention. Soft-delete with grace period.

Test recovery. An untested recovery is theatre.