Protect against accidental GCP Project Deletion

April 12, 2022

I’d forgotten about this feature but it’s a good way of protecting Google Cloud Platform (GCP) Projects against accidential (== user error) deletions.

Google documents it Protecting projects from accidental deletion

I’d forgotten that I’d applied it to a key project and then had to Google the above to recall how it works.

PROJECTs=$(gcloud projects list --format="value(projectId)")

for PROJECT in ${PROJECTS}
do
  gcloud alpha resource-manager liens list \
  --project=${PROJECT}
done

Simply:

NO_DELETE_PROJECTS=(
    "foo"
    "bar"
)

for PROJECT in ${NO_DELETE_PROJECTS[@]}
do
  gcloud alpha resource-manager liens create \
  --restrictions=resourcemanager.projects.delete \
  --reason="Important Project" \
  --project=${PROJECT}
done

Test:

TEST="$(whoami)-$(date +%y%m%d)-dnd"

gcloud projects create $

gcloud alpha resource-manager liens create \
--restrictions=resourcemanager.projects.delete \
--reason="Important Project" \
--project=${TEST}

gcloud projects ${TEST} --quiet
ERROR: (gcloud.projects.delete) FAILED_PRECONDITION: Precondition check failed.

LIEN=$(\
  gcloud alpha resource-manager liens list \
  --project=${TEST} \
  --format="value(name)")

gcloud alpha resource-manager liens delete ${LIEN} \
--project=${TEST}

gcloud projects delete ${TEST} --quiet
Deleted

Gcloud
Gcp