RDS instance ‘Deletion Protection’ should be enabled

Description

Enabling deletion protection ensures that no user, including an anonymous user, can accidentally or intentionally delete your database.

Console Remediation Steps

  • Navigate to RDS.

  • In the left navigation, select Databases.

  • Select the database for which you want to enable deletion protection.

  • Click Modify and in Deletion Protection, check the Enable deletion protection checkbox.

  • Click Continue.

  • In Scheduling of modifications, select Apply during the next scheduled maintenance window or Apply immediately.

  • Click Modify DB Instance.

CLI Remediation Steps

To enable deletion protection for an AWS RDS instance on Linux, macOS, or Unix:

aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --deletion-protection \
    --no-apply-immediately

To enable deletion protection for an AWS RDS instance on Windows:

aws rds modify-db-instance ^
    --db-instance-identifier mydbinstance ^
    --deletion-protection ^
    --no-apply-immediately
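
To find which instances still need the change before running the commands above, the following added example (not part of the original page) filters the output of aws rds describe-db-instances for instances whose DeletionProtection is False and prints the matching remediation command for each. The function names and the sample identifiers billing-db and reports-db are constructed for illustration.

```shell
#!/bin/sh
# Added example: list RDS instances that have deletion protection disabled
# and print the modify-db-instance command for each one (dry run only).

# Reads "identifier<TAB>True|False" lines, the shape produced by
# fetch_instances below, and prints identifiers whose flag is False.
list_unprotected() {
    awk -F '\t' '$2 == "False" { print $1 }'
}

# Live query against the CLI's configured account and region.
# --output text renders the DeletionProtection boolean as True or False.
fetch_instances() {
    aws rds describe-db-instances \
        --query 'DBInstances[].[DBInstanceIdentifier,DeletionProtection]' \
        --output text
}

# Prints one remediation command per unprotected instance; nothing is
# modified until the printed commands are reviewed and run.
print_remediation() {
    list_unprotected | while IFS= read -r id; do
        printf 'aws rds modify-db-instance --db-instance-identifier %s --deletion-protection --no-apply-immediately\n' "$id"
    done
}

# Constructed sample input (not real instances) so the script runs offline.
SAMPLE=$(printf 'mydbinstance\tFalse\nbilling-db\tTrue\nreports-db\tFalse\n')

printf '%s\n' "$SAMPLE" | print_remediation
# Against a real account: fetch_instances | print_remediation
```

An empty result from fetch_instances | list_unprotected means every instance in that region already has deletion protection enabled; repeat the check per region.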