devshorts/Terraform to prevent hard deletions of resources

## Terraform to prevent hard deletions of resources
data "aws_iam_policy_document" "do_not_delete_important_stuff" {
  statement {

    effect = "Deny"

    actions = [
      // cognito
      "cognito-idp:AdminDeleteUser",
      "cognito-idp:DeleteGroup",
      "cognito-idp:DeleteIdentityProvider",
      "cognito-idp:DeleteResourceServer",
      "cognito-idp:DeleteUser",
      "cognito-idp:DeleteUserPool",
      "cognito-idp:DeleteUserPoolClient",
      "cognito-idp:DeleteUserPoolDomain",

      // dynamodb
      "dynamodb:DeleteTable",

      // ec2
      "ec2:DeleteInternetGateway",
      "ec2:DeleteNatGateway",
      "ec2:DeleteRouteTable",
      "ec2:DeleteSubnet",
      "ec2:DeleteVpc",

      // ecs
      "ecs:DeleteCluster",
      "ecs:DeleteService",

      // elb
      "elasticloadbalancing:DeleteListener",
      "elasticloadbalancing:DeleteLoadBalancer",
      "elasticloadbalancing:DeleteTargetGroup",

      //kms
      "kms:DeleteAlias",
      "kms:DeleteCustomKeyStore",
      "kms:DeleteImportedKeyMaterial",
      "kms:DisableKey",
      "kms:ScheduleKeyDeletion",

      // lambda
      "lambda:DeleteFunction",

      // rds
      "rds:DeleteDBCluster",
      "rds:DeleteDBClusterEndpoint",
      "rds:DeleteDBClusterParameterGroup",
      "rds:DeleteDBInstance",
      "rds:DeleteDBParameterGroup",
      "rds:DeleteDBSecurityGroup",
      "rds:DeleteDBSubnetGroup",
      "rds:DeleteGlobalCluster",
      "rds:DeleteOptionGroup",
      "rds:ResetDBClusterParameterGroup",
      "rds:ResetDBParameterGroup",
      "rds:StopDBCluster",
      "rds:StopDBInstance",

      // route53
      "route53:DeleteHostedZone",

      // s3
      "s3:DeleteBucket",
      "s3:DeleteBucketPolicy",
      "s3:DeleteBucketWebsite",

      // sqs
      "sqs:DeleteQueue"
    ]

    resources = [
      "*"
    ]
  }
}
	data "aws_iam_policy_document" "do_not_delete_important_stuff" {
	statement {

	effect = "Deny"

	actions = [
	// cognito
	"cognito-idp:AdminDeleteUser",
	"cognito-idp:DeleteGroup",
	"cognito-idp:DeleteIdentityProvider",
	"cognito-idp:DeleteResourceServer",
	"cognito-idp:DeleteUser",
	"cognito-idp:DeleteUserPool",
	"cognito-idp:DeleteUserPoolClient",
	"cognito-idp:DeleteUserPoolDomain",

	// dynamodb
	"dynamodb:DeleteTable",

	// ec2
	"ec2:DeleteInternetGateway",
	"ec2:DeleteNatGateway",
	"ec2:DeleteRouteTable",
	"ec2:DeleteSubnet",
	"ec2:DeleteVpc",

	// ecs
	"ecs:DeleteCluster",
	"ecs:DeleteService",

	// elb
	"elasticloadbalancing:DeleteListener",
	"elasticloadbalancing:DeleteLoadBalancer",
	"elasticloadbalancing:DeleteTargetGroup",

	//kms
	"kms:DeleteAlias",
	"kms:DeleteCustomKeyStore",
	"kms:DeleteImportedKeyMaterial",
	"kms:DisableKey",
	"kms:ScheduleKeyDeletion",

	// lambda
	"lambda:DeleteFunction",

	// rds
	"rds:DeleteDBCluster",
	"rds:DeleteDBClusterEndpoint",
	"rds:DeleteDBClusterParameterGroup",
	"rds:DeleteDBInstance",
	"rds:DeleteDBParameterGroup",
	"rds:DeleteDBSecurityGroup",
	"rds:DeleteDBSubnetGroup",
	"rds:DeleteGlobalCluster",
	"rds:DeleteOptionGroup",
	"rds:ResetDBClusterParameterGroup",
	"rds:ResetDBParameterGroup",
	"rds:StopDBCluster",
	"rds:StopDBInstance",

	// route53
	"route53:DeleteHostedZone",

	// s3
	"s3:DeleteBucket",
	"s3:DeleteBucketPolicy",
	"s3:DeleteBucketWebsite",

	// sqs
	"sqs:DeleteQueue"
	]

	resources = [
	"*"
	]
	}
	}