diff --git a/packages/aws-cdk-lib/aws-appconfig/README.md b/packages/aws-cdk-lib/aws-appconfig/README.md
index 66c7034db0c23..6c0ea44dd9018 100644
--- a/packages/aws-cdk-lib/aws-appconfig/README.md
+++ b/packages/aws-cdk-lib/aws-appconfig/README.md
@@ -96,6 +96,24 @@ const user = new iam.User(this, 'MyUser');
 env.grantReadConfig(user);
 ```
 
+### Deletion Protection Check
+
+You can enable [deletion protection](https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html) on the environment by setting the `deletionProtection` property.
+
+- ACCOUNT_DEFAULT:  The default setting, which instructs AWS AppConfig to implement the deletion protection value specified in the UpdateAccountSettings API.
+- APPLY: Instructs the deletion protection check to run, even if deletion protection is disabled at the account level. APPLY also forces the deletion protection check to run against resources created in the past hour, which are normally excluded from deletion protection checks.
+- BYPASS: Instructs AWS AppConfig to bypass the deletion protection check and delete a configuration profile even if deletion protection would have otherwise prevented it.
+
+```ts
+declare const application: appconfig.Application;
+declare const alarm: cloudwatch.Alarm;
+declare const compositeAlarm: cloudwatch.CompositeAlarm;
+
+new appconfig.Environment(this, 'MyEnvironment', {
+  application,
+  deletionProtectionCheck: appconfig.DeletionProtectionCheck.APPLY,
+});
+```
 
 ## Deployment Strategy