diff --git a/terraform/main.tf b/terraform/main.tf
index 80e3f74..2c28f60 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -18,6 +18,11 @@ resource "aws_vpc" "main" {
 tags = {
 Name = "${var.project_name}-vpc-${var.environment}"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
+ }
 }
 resource "aws_internet_gateway" "main" {
@@ -81,12 +86,21 @@ resource "aws_route_table" "public" {
 tags = {
 Name = "${var.project_name}-public-rt-${var.environment}"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
+ }
 }
 resource "aws_route_table_association" "public" {
 count = length(aws_subnet.public)
 subnet_id = aws_subnet.public[count.index].id
 route_table_id = aws_route_table.public.id
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 resource "aws_route_table" "private" {
@@ -100,12 +114,21 @@ resource "aws_route_table" "private" {
 tags = {
 Name = "${var.project_name}-private-rt-${var.environment}"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
+ }
 }
 resource "aws_route_table_association" "private" {
 count = length(aws_subnet.private)
 subnet_id = aws_subnet.private[count.index].id
 route_table_id = aws_route_table.private.id
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 # -------------------------------------------------------------------------------
@@ -196,6 +219,8 @@ resource "aws_security_group" "ec2_api" {
 }
 lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
 create_before_destroy = true
 }
 }
@@ -226,6 +251,8 @@ resource "aws_security_group" "rds" {
 }
 lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
 create_before_destroy = true
 }
 }
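Review bot: `prevent_destroy = true` in the new `lifecycle` block on `aws_vpc.main` is a literal that applies to every `var.environment`, because Terraform does not accept variables in lifecycle arguments, so tearing down a non-production stack will fail at plan time until these blocks are edited out. The same block is added to nearly every resource in this file, including the route table associations, which are cheap to recreate. The guard only covers plans run against this configuration: removing the resource block, or deleting the object through the AWS API, is not stopped. I would keep it on the stateful or hard-to-recreate resources and add a comment where it stays, such as `# prevent_destroy: plan-time guard only; remove deliberately to decommission`.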
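Review bot: Adding `prevent_destroy = true` next to the existing `create_before_destroy = true` in `aws_security_group.ec2_api` makes the two settings contradict each other: a replacement still destroys the old object, so any change that forces a new security group is rejected at plan time and `create_before_destroy` never gets to run. The same pairing appears in the `aws_security_group.rds` hunk and in the `aws_acm_certificate.main` hunk, where it would block reissuing the certificate when a replacement is required. If replacement should stay possible, drop `prevent_destroy` from these three blocks; if it should not, record that with a comment like `# replacement is blocked on purpose; remove prevent_destroy to rotate`. The resource body starts outside the hunk, so which arguments force replacement is not visible here.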
@@ -250,12 +277,21 @@ resource "aws_iam_role" "ec2_role" {
 tags = {
 Name = "${var.project_name}-ec2-role"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
+ }
 }
 resource "aws_iam_role_policy" "ec2_policy" {
 name = "${var.project_name}-ec2-policy-${var.environment}"
 role = aws_iam_role.ec2_role.id
+ lifecycle {
+ prevent_destroy = true
+ }
+
 policy = jsonencode({
 Version = "2012-10-17"
 Statement = [
@@ -314,6 +350,11 @@ resource "aws_iam_instance_profile" "ec2_profile" {
 tags = {
 Name = "${var.project_name}-ec2-profile"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
+ }
 }
 # -------------------------------------------------------------------------------
@@ -344,14 +385,12 @@ resource "aws_instance" "api" {
 }
 lifecycle {
+ prevent_destroy = true
 ignore_changes = [
+ ami,
 iam_instance_profile,
 user_data,
- tags["AutoStart"],
- tags["AutoStop"],
- tags["Schedule"],
- tags["ScheduleHours"],
- tags["ScheduleTimezone"],
+ tags,
 ]
 }
 }
@@ -366,6 +405,11 @@ resource "aws_db_subnet_group" "rds" {
 tags = {
 Name = "${var.project_name}-rds-subnet-group"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
+ }
 }
 resource "aws_db_instance" "main" {
@@ -396,12 +440,9 @@ resource "aws_db_instance" "main" {
 }
 lifecycle {
- ignore_changes = [
- tags["AutoStart"],
- tags["AutoStop"],
- tags["Schedule"],
- tags["ScheduleHours"],
- tags["ScheduleTimezone"],
+ prevent_destroy = true
+ ignore_changes = [
+ tags,
 ]
 }
 }
@@ -415,6 +456,11 @@ resource "aws_s3_bucket" "frontend" {
 tags = {
 Name = "${var.project_name}-frontend"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
+ }
 }
 resource "aws_s3_bucket_versioning" "frontend" {
@@ -423,6 +469,10 @@ resource "aws_s3_bucket_versioning" "frontend" {
 versioning_configuration {
 status = "Enabled"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 resource "aws_s3_bucket_public_access_block" "frontend" {
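Review bot: `ignore_changes = [tags]` on `aws_iam_role.ec2_role` means a tag added to or changed on the role outside Terraform is never reported or reverted. IAM role tags can be evaluated as principal tags in policy conditions, so if any policy keys on them this hides a permission-relevant change from plan output; whether that applies here cannot be seen from the hunk. The same attribute is added across the file (VPC, route tables, security groups, instance profile, DB subnet group, frontend bucket, certificate, CloudFront), and later edits to the `tags = { Name = ... }` blocks will also stop being applied to existing resources. Consider ignoring only the tag keys an external tool actually writes, in the form the old code used, for example `ignore_changes = [tags["Schedule"]]`.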
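Review bot: Adding `ami` to `ignore_changes` on `aws_instance.api` means a newer image ID in the configuration will never replace the running instance, so patched AMIs stop rolling out through Terraform and need another documented path. Together with `prevent_destroy = true` the instance is effectively pinned. The hunk also widens the ignored tags from the five scheduler keys to `tags`, as does the `aws_db_instance.main` hunk; the narrower list kept drift detection for every other tag. If this is deliberate, a comment above the list such as `# ami ignored: instance is patched in place, not re-imaged` would record the intent. The resource block begins outside the hunk, so how `ami` is set is not visible here.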
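Review bot: `prevent_destroy = true` on `aws_db_instance.main` only stops a Terraform plan from deleting the database; it does not stop a delete through the console or the API. The resource's arguments are outside this hunk, so it is not visible whether `deletion_protection = true` is already set; if it is not, that is the setting that enforces this on the AWS side and it belongs with this change.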
@@ -432,6 +482,10 @@ resource "aws_s3_bucket_public_access_block" "frontend" {
 block_public_policy = true
 ignore_public_acls = true
 restrict_public_buckets = true
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 resource "aws_s3_bucket_website_configuration" "frontend" {
@@ -444,6 +498,10 @@ resource "aws_s3_bucket_website_configuration" "frontend" {
 error_document {
 key = "index.html"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 resource "aws_s3_bucket" "artifacts" {
@@ -452,6 +510,10 @@ resource "aws_s3_bucket" "artifacts" {
 tags = {
 Name = "${var.project_name}-artifacts"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 resource "aws_s3_bucket_versioning" "artifacts" {
@@ -460,6 +522,10 @@ resource "aws_s3_bucket_versioning" "artifacts" {
 versioning_configuration {
 status = "Enabled"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 resource "aws_s3_bucket_public_access_block" "artifacts" {
@@ -469,6 +535,10 @@ resource "aws_s3_bucket_public_access_block" "artifacts" {
 block_public_policy = true
 ignore_public_acls = true
 restrict_public_buckets = true
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 # -------------------------------------------------------------------------------
@@ -480,6 +550,10 @@ resource "aws_cloudfront_origin_access_control" "frontend" {
 origin_access_control_origin_type = "s3"
 signing_behavior = "always"
 signing_protocol = "sigv4"
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 resource "aws_s3_bucket_policy" "frontend" {
@@ -504,6 +578,10 @@ resource "aws_s3_bucket_policy" "frontend" {
 })
 depends_on = [aws_s3_bucket_public_access_block.frontend]
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 # -------------------------------------------------------------------------------
@@ -519,6 +597,8 @@ resource "aws_acm_certificate" "main" {
 }
 lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
 create_before_destroy = true
 }
 }
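Review bot: The `lifecycle` block added to `aws_s3_bucket.artifacts` has `prevent_destroy = true` but no `ignore_changes = [tags]`, while `aws_s3_bucket.frontend` and the other tagged resources in this commit get both. If the difference is intended, a one-line comment such as `# tags on this bucket stay managed by Terraform` would make that clear; otherwise the two buckets should match.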
@@ -536,6 +616,10 @@ resource "aws_acm_certificate_validation" "main" {
 provider = aws.us_east_1
 certificate_arn = aws_acm_certificate.main.arn
 validation_record_fqdns = [aws_route53_record.cert_validation.fqdn]
+
+ lifecycle {
+ prevent_destroy = true
+ }
 }
 # -------------------------------------------------------------------------------
@@ -555,6 +639,10 @@ resource "aws_route53_record" "main" {
 name = var.domain_name
 type = "A"
+ lifecycle {
+ prevent_destroy = true
+ }
+
 alias {
 name = aws_cloudfront_distribution.main.domain_name
 zone_id = aws_cloudfront_distribution.main.hosted_zone_id
@@ -648,4 +736,9 @@ resource "aws_cloudfront_distribution" "main" {
 tags = {
 Name = "${var.project_name}-cdn"
 }
+
+ lifecycle {
+ prevent_destroy = true
+ ignore_changes = [tags]
+ }
 }
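Review bot: `prevent_destroy = true` on `aws_acm_certificate_validation.main` adds no protection and can only block: as far as I know this resource does not correspond to an AWS object of its own, and removing it has no effect on the certificate. It is likely replaced whenever `certificate_arn` changes, so a reissued certificate would fail at plan time on this block. I would drop the lifecycle block here.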
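Review bot: The `lifecycle` block in `aws_route53_record.main` is inserted between `type` and the `alias` block, whereas every other resource in this commit except `aws_iam_role_policy.ec2_policy` has it at the end of the body. Moving both to the end keeps the meta-argument easy to find and consistent with the rest of the file. The resource body continues past the end of the hunk.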