AWS AppConfig now provides deletion protection for additional guardrails

Posted on: Aug 29, 2024

Customers can now enable deletion protection on AWS AppConfig resources, including Configuration Profiles and Environments. AWS AppConfig helps engineers move faster and resolve issues more quickly with managed feature flags and dynamic configuration. However, deleting any configuration data, for application hygiene or compliance reasons, should always be done very carefully to avoid unexpected behavior. With AWS AppConfig deletion protection enabled, a customer’s account will not be allowed to delete a recently-used resource without explicitly bypassing deletion protection in the AWS Management Console, CLI, or API call. In addition, customers can set the amount of time that is considered “recently-used” to tailor to their organization’s workflows.

AWS AppConfig already has many safety guardrails to be able to update feature flags and configuration data with confidence. With AWS AppConfig, customers can gradually deploy changes to measure and limit impact; customers can set up an alarm to automatically rollback an in-process deployment; customers can validate configuration data syntactically and semantically prior to pushing out updates. With deletion protection, customers now have an additional safety guardrail to ensure their use of feature flags and dynamic configuration is as expected.

Deletion protection for AWS AppConfig resources is available in all AWS Regions, including the AWS GovCloud (US) Regions. To get started, use the AWS AppConfig Getting Started Guide, or learn about AWS AppConfig deletion protection.