It's entirely possible that someone might create these resources and forget to destroy them (or not know how)
It would be a good idea to provision a self-destruct mechanism by default, with a Scheduled Event to trigger it after X number of days. This could be something as simple as an hashicorp/terraform container in ECR with sufficient permission to destroy everything.
That would require moving the terraform backend to S3 - which opens up a whole bunch of new opportunities for vulnerabilities!
It's entirely possible that someone might create these resources and forget to destroy them (or not know how)
It would be a good idea to provision a self-destruct mechanism by default, with a Scheduled Event to trigger it after X number of days. This could be something as simple as an
hashicorp/terraformcontainer in ECR with sufficient permission to destroy everything.That would require moving the terraform backend to S3 - which opens up a whole bunch of new opportunities for vulnerabilities!