disable-force-destroy

Explanation

Enabling force destroy on a Spaces bucket means that the bucket can be deleted without the additional check that it is empty. This risks important data being accidentally deleted by a bucket removal process.

Possible Impact

Accidental deletion of bucket objects

Suggested Resolution

Don't enable force destroy in the bucket configuration

Insecure Example

The following example will fail the digitalocean-spaces-disable-force-destroy check.

resource "digitalocean_spaces_bucket" "bad_example" {
  name          = "foobar"
  region        = "nyc3"
  force_destroy = true
}

Secure Example

The following example will pass the digitalocean-spaces-disable-force-destroy check.

resource "digitalocean_spaces_bucket" "good_example" {
  name   = "foobar"
  region = "nyc3"
}
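
The same rule can be applied to a resolved plan as well as to source files. The following is an added example, not part of the check's own implementation: it scans the `resource_changes` list of a plan exported with `terraform show -json` and reports buckets whose `force_destroy` is true or not known until apply. The function name `force_destroy_findings` and the sample plan are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` (trimmed).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "digitalocean_spaces_bucket.bad_example",
   "type": "digitalocean_spaces_bucket",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"name": "foobar", "region": "nyc3", "force_destroy": true}}},
  {"address": "digitalocean_spaces_bucket.good_example",
   "type": "digitalocean_spaces_bucket",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"name": "foobar", "region": "nyc3", "force_destroy": false}}},
  {"address": "module.logs.digitalocean_spaces_bucket.archive",
   "type": "digitalocean_spaces_bucket",
   "change": {"actions": ["update"], "after_unknown": {"force_destroy": true},
              "after": {"name": "logs", "region": "nyc3"}}},
  {"address": "digitalocean_spaces_bucket.retired",
   "type": "digitalocean_spaces_bucket",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "digitalocean_droplet.web",
   "type": "digitalocean_droplet",
   "change": {"actions": ["create"], "after": {"name": "web"}, "after_unknown": {}}}
]}
""")


def force_destroy_findings(plan):
    """Return (address, reason) for each Spaces bucket the plan leaves force-destroyable."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "digitalocean_spaces_bucket":
            continue
        change = rc.get("change") or {}
        after = change.get("after") or {}  # null when the bucket itself is being deleted
        unknown = change.get("after_unknown")
        if after.get("force_destroy") is True:
            findings.append((rc["address"], "force_destroy = true"))
        elif isinstance(unknown, dict) and unknown.get("force_destroy") is True:
            # Value is computed at apply time, so the plan cannot prove it is false.
            findings.append((rc["address"], "force_destroy unknown until apply"))
    return findings


if __name__ == "__main__":
    results = force_destroy_findings(SAMPLE_PLAN)
    for address, reason in results:
        print(f"FAIL {address}: {reason}")
    raise SystemExit(1 if results else 0)
```

Run in a pipeline after `terraform plan`, a non-zero exit blocks the apply step until the flagged buckets are corrected.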