docs: update readme

Signed-off-by: Carlos Salas <carlos.salas@suse.com>

README.md

@@ -1,22 +1,35 @@
 # AWS Janitor
 
-A GitHub Action to cleanup AWS resources that have exceeded a TTL.
+A GitHub Action to cleanup AWS resources.
+
+It uses a mark and delete approach:
+- First time it runs, it describes resources and marks them for deletion.
+- Next execution, it deletes previously marked resources.
+
+The tag `aws-janitor/marked-for-deletion` is used as deletion marker.
+
+**Any resource that includes the tag key defined by `ignore-tag`, will never be deleted.**
 
 > By default the action will not perform the delete (i.e. it will be a dry-run). You need to explicitly set commit to `true`.
 
 It supports cleaning up the following services:
 
 - EKS Clusters
 - Auto Scaling Groups
+- Load Balancers
+- Security Groups
+- CloudFormation Stacks
+
+It follows this strict order to avoid failures caused by inter-resource dependencies. Although intermittent failures may occur, they should be resolved in subsequent executions.
 
 ## Inputs
 
-| Name              | Required | Description                                                                            |
-| ----------------- | -------- | -------------------------------------------------------------------------------------- |
-| regions           | Y        | A comma seperated list of regions to clean resources in. You can use * for all regions |
-| allow-all-regions | N        | Set to true if use * from regions.                                                     |
-| ttl               | Y        | The duration that a resource can live for. For example, use 24h for 1 day.             |
-| commit            | N        | Whether to perform the delete. Defaults to `false` which is a dry run                  |
+| Name              | Required | Description                                                                                       |
+| ----------------- | -------- | ------------------------------------------------------------------------------------------------- |
+| regions           | Y        | A comma separated list of regions to clean resources in. You can use * for all regions            |
+| allow-all-regions | N        | Set to true if use * from regions.                                                                |
+| commit            | N        | Whether to perform the delete. Defaults to `false` which is a dry run                             |
+| ignore-tag        | N        | The name of the tag that indicates a resource should not be deleted. Defaults to `janitor-ignore` |
 
 ## Example Usage
 
@@ -30,12 +43,12 @@ jobs:
         uses: rancher-sandbox/aws-janitor@v0.1.0
         with:
             regions: eu-west-1
-            ttl: 168h
+            ignore-tag: janitor-ignore
         env:
             AWS_ACCESS_KEY_ID: {{secrets.AWS_ACCESS_KEY_ID}}
             AWS_SECRET_ACCESS_KEY: {{secrets.AWS_SECRET_ACCESS_KEY}}
 ```
 
 ## Implementation Notes
 
-It currently assumes that an instance of a service will have some form of creation date. This means that the implementation can be simpler as it doesn't need to adopt a "mark & sweep" pattern that requires saving state between runs of the action.
+The original implementation of the janitor avoided using the mark and delete approach for simplicity but this solution is not viable when supporting deletion on resources that do not have a creation date.