RDS instance ‘Deletion Protection’ should be enabled

Description

Enabling deletion protection ensures that no user can delete your database, accidentally or intentionally, while the setting is enabled; a delete request is rejected until deletion protection is explicitly turned off on the instance first.

Remediation Steps

AWS Console

  • Navigate to RDS.

  • In the left navigation, select the Databases.

  • Select the database for which you want to enable deletion protection.

  • Click Modify and in Deletion Protection, check the Enable deletion protection checkbox.

  • Click Continue.

  • In Scheduling of modifications, select Apply during the next scheduled maintenance window or Apply immediately.

  • Click Modify DB Instance.

AWS CLI

To enable deletion protection for an AWS RDS instance from Linux, macOS, or Unix:

aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --deletion-protection \
    --no-apply-immediately

To enable deletion protection for an AWS RDS instance from Windows:

aws rds modify-db-instance ^
    --db-instance-identifier mydbinstance ^
    --deletion-protection ^
    --no-apply-immediately
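The CLI steps above remediate one instance whose identifier you already know. The Python script below is an added example, not part of this page or of the AWS tooling; it finds every instance in an account that still lacks deletion protection and either prints the equivalent CLI command or applies the change through boto3. The sample `describe-db-instances` response is constructed inline so the audit logic runs offline; the instance identifiers in it are placeholders. Note that a response with the `DeletionProtection` key missing is treated as unprotected, and that live listing uses the boto3 paginator because `describe_db_instances` returns at most 100 records per call.

```python
"""Audit RDS instances for deletion protection and build/apply the remediation.

Added example; assumes boto3 is installed and credentials are configured only
for the live path at the bottom. Everything else runs offline.
"""

# Constructed sample in the shape of `aws rds describe-db-instances` output.
# Identifiers are placeholders, not real instances.
SAMPLE_DESCRIBE_RESPONSE = {
    "DBInstances": [
        {"DBInstanceIdentifier": "mydbinstance", "DeletionProtection": False},
        {"DBInstanceIdentifier": "reports-replica", "DeletionProtection": True},
        # Key absent: treat as unprotected rather than silently skipping it.
        {"DBInstanceIdentifier": "legacy-db"},
    ]
}


def unprotected_instances(describe_response):
    """Return identifiers of instances whose DeletionProtection is not True."""
    return [
        db["DBInstanceIdentifier"]
        for db in describe_response.get("DBInstances", [])
        if db.get("DeletionProtection", False) is not True
    ]


def remediation_command(identifier, apply_immediately=False):
    """Build the AWS CLI command from the remediation steps as an argv list."""
    timing = "--apply-immediately" if apply_immediately else "--no-apply-immediately"
    return [
        "aws", "rds", "modify-db-instance",
        "--db-instance-identifier", identifier,
        "--deletion-protection",
        timing,
    ]


def list_all_instances(rds_client):
    """Collect every DB instance across pages (describe_db_instances is paginated)."""
    paginator = rds_client.get_paginator("describe_db_instances")
    instances = []
    for page in paginator.paginate():
        instances.extend(page.get("DBInstances", []))
    return {"DBInstances": instances}


def enable_deletion_protection(rds_client, identifier, apply_immediately=False):
    """Enable deletion protection on one instance via boto3; returns the DBInstance dict."""
    response = rds_client.modify_db_instance(
        DBInstanceIdentifier=identifier,
        DeletionProtection=True,
        ApplyImmediately=apply_immediately,
    )
    return response["DBInstance"]


if __name__ == "__main__":
    # Offline demo: which of the sample instances need remediation, and how.
    for ident in unprotected_instances(SAMPLE_DESCRIBE_RESPONSE):
        print(" ".join(remediation_command(ident)))

    # Live path (uncomment to run against an account; requires boto3 + credentials):
    # import boto3
    # rds = boto3.client("rds")
    # for ident in unprotected_instances(list_all_instances(rds)):
    #     db = enable_deletion_protection(rds, ident)
    #     print(ident, "DeletionProtection ->", db.get("DeletionProtection"))
```

Run the script as-is to see the two sample instances that need fixing (`mydbinstance` and `legacy-db`) and the exact `modify-db-instance` command for each; scheduling the change for the maintenance window (`--no-apply-immediately`, the default here) mirrors the console choice in the steps above.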

Terraform

  • Ensure that the aws_db_instance resource's deletion_protection argument is set to true.

Example Configuration

resource "aws_db_instance" "example" {
  deletion_protection = true
  # other required fields here
}