Prevent deletion of an instance

This page shows you how to help prevent the accidental deletion of Filestore instances.

Overview

Instance deletion protection helps you prevent the accidental removal of existing and new instances.

You can set the deletion protection option when you create an instance or update this option on an existing instance. In both cases, deletion is prevented at the instance level. By default, the deletion protection option is disabled.

Plan for deletion

If you are planning to delete an instance, complete the following steps:

  • Confirm that it is safe to delete the instance
  • Confirm that deletion protection is disabled; if necessary, edit the instance to disable deletion protection

Limitations

The following feature limitations apply:

  • Not supported in the following service tiers:

    • Basic HDD
    • Basic SSD

  • Deletion protection doesn't prevent the following operations:

    • Editing the instance
    • Deleting a backup
    • Reverting a snapshot
    • File deletion

Set deletion protection on a new instance

In this section, you'll see how to set the deletion protection option when creating a new instance. By default, the feature is disabled.

If deletion protection is enabled, an attempt to delete the instance fails.

Google Cloud console

  1. In the Google Cloud console, go to the Filestore instances page.

Go to the Filestore instances page

  1. Click Create Instance.
  2. Follow the instructions noted in Create an instance. Before clicking Create, add the following specifications:
    1. In Create labels section, expand Advanced Options.
    2. In Deletion protection, click Enable deletion protection. We recommend adding a brief description of the reason as well. This information is visible from the instance details page.
  3. Click Create.

gcloud

  1. Install and initialize the gcloud CLI.

    If you already have the gcloud CLI installed, update it:

    gcloud components update

  2. Run the gcloud filestore instances create command to create a Filestore instance. Follow the instructions noted in Create an instance. Before you press Enter, add the following options:

    --deletion-protection \
--deletion-protection-reason=PROTECTION_REASON

    Where:

    • --deletion-protection is the flag used to enable deletion protection when creating the instance.
    • --deletion-protection-reason is the flag used to add a description of the justification for the instance's deletion protection setting you chose. PROTECTION_REASON is the description text you want to use. For example, "All genomics data must adhere to current organization policies." For more information, see Deletion protection.

REST API

  1. Have gcloud CLI installed and initialized, which lets you generate an access token for the Authorization header.

  2. Use cURL to call the Filestore API. Follow the instructions noted in Create an instance, adding the following options before running the command:

        "deletionProtectionEnabled",
    "deletionProtectionReason":"PROTECTION_REASON"

    Where:

    • deletionProtectionEnabled is the flag used to enable deletion protection when creating the instance.
    • deletionProtectionReason is the flag used to add a description of the justification for the instance's deletion protection setting you chose. PROTECTION_REASON is the description text you want to use. For example, "All genomics data must adhere to current organization policies." For more information, see Deletion protection.

Set or remove deletion protection on an existing instance

In this section, you'll see how to edit the deletion protection option on an instance. By default, the feature is disabled.

If you enable the option, a subsequent attempt to delete the instance fails.

Google Cloud console

To edit Filestore instances using the Google Cloud console, navigate to the Edit instance page, where you can edit the instance description, manage IP-based access control rules, and scale the file share performance:

  1. In the Google Cloud console, go to the Filestore Instances page.

    Go to the Filestore instances page

  2. Click the instance ID of the instance you want to edit.

  3. On the Instance details page, click Edit to go to the Edit instance page.

  4. In Create labels section, expand Advanced Options.

  5. In Deletion protection, click Enable deletion protection. We recommend adding a brief description of the reason as well. This information is visible from the instance details page. For details, see Creating instances.

  6. Click Save.

gcloud

To enable deletion protection when you update an instance, use the gcloud filestore instances update command similar to the following:

  gcloud filestore instances update INSTANCE_NAME \
      --deletion-protection \
      --deletion-protection-reason=PROTECTION_REASON

Where:

  • INSTANCE_NAME is the name of the instance you want to edit. For example, my-genomics-instance.
  • PROTECTION_REASON is the description text you want to use. For example, "All genomics data must adhere to current organization policies." For more information, see Deletion protection.

To disable deletion protection when you update an instance, use a command similar to the following:

  gcloud filestore instances update INSTANCE_NAME \
      --no-deletion-protection

Where:

  • INSTANCE_NAME is the name of the instance you want to edit. For example, my-genomics-instance.

Once disabled, the deletion-protection-reason field is cleared.

REST API

  1. Have gcloud CLI installed and initialized, which lets you generate an access token for the Authorization header.

  2. Use cURL to call the Filestore API.

    To set deletion protection on an instance, specify true in the deletionProtectionEnabled field. To remove it, specify false in the field. Use an operation call similar to the following:

    curl --request PATCH \
    'https://file.googleapis.com/v1/projects/PROJECT/locations/LOCATION/instances?instanceId=NAME?updateMask=deletionProtectionEnabled,deletionProtectionReason' \
    --header "Authorization: Bearer $(gcloud auth print-access-token)" \
    --header 'Accept: application/json' \
    --header 'Content-Type: application/json' \
    --data '{"tier":"TIER","networks":[{"network":"NETWORK"}],"fileShares":[{"capacityGb":CAPACITY,"name":"SHARE_NAME"}], "deletionProtectionEnabled": true, "deletionProtectionReason": "PROTECTION_REASON"}' \
    --compressed

    Where:

    • deletionProtectionEnabled is the flag used to enable deletion protection. For example, true or false.
    • deletionProtectionReason is the flag used to add a description of the justification for the instance's deletion protection setting you chose. Only present when the feature is enabled. PROTECTION_REASON is the description text you want to use. For example, "All genomics data must adhere to current organization policies." For more information, see Deletion protection.

What's next