From 999180972c4160a408b22628f9ef188c77bb6d21 Mon Sep 17 00:00:00 2001
From: Nestor Carvantes <carvantes@gmail.com>
Date: Wed, 2 Mar 2022 19:48:51 -0800
Subject: [PATCH] fix: add deletion policy to KMS keys (#540)

---
 cloudformation/kms.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cloudformation/kms.yaml b/cloudformation/kms.yaml
index eb569e1a..26ad9eb4 100644
--- a/cloudformation/kms.yaml
+++ b/cloudformation/kms.yaml
@@ -11,6 +11,8 @@ Resources:
       TargetKeyId: !Ref S3KMSKey
   S3KMSKey:
     Type: AWS::KMS::Key
+    DeletionPolicy: Retain
+    UpdateReplacePolicy: Retain
     Properties:
       EnableKeyRotation: true
       Description: 'KMS CMK for s3'
@@ -30,6 +32,8 @@ Resources:
       TargetKeyId: !Ref DynamodbKMSKey
   DynamodbKMSKey:
     Type: AWS::KMS::Key
+    DeletionPolicy: Retain
+    UpdateReplacePolicy: Retain
     Properties:
       EnableKeyRotation: true
       Description: 'KMS CMK for DynamoDB'