RDS instance ‘Deletion Protection’ should be enabled
Description
Enabling deletion protection ensures that no user, including an anonymous user, can accidentally or intentionally delete your database.
Remediation Steps
AWS Console
1. Navigate to RDS.
2. In the left navigation, select Databases.
3. Select the database for which you want to enable deletion protection.
4. Click Modify and, under Deletion Protection, check the Enable deletion protection checkbox.
5. Click Continue.
6. In Scheduling of modifications, select Apply during the next scheduled maintenance window or Apply immediately.
7. Click Modify DB Instance.
AWS CLI
To enable deletion protection for an AWS RDS instance on Linux, macOS, or Unix:
aws rds modify-db-instance \
--db-instance-identifier mydbinstance \
--deletion-protection \
--no-apply-immediately
To enable deletion protection for an AWS RDS instance on Windows:
aws rds modify-db-instance ^
--db-instance-identifier mydbinstance ^
--deletion-protection ^
--no-apply-immediately
Terraform
Ensure that the aws_db_instance deletion_protection field is set to “true”.
Example Configuration
resource "aws_db_instance" "example" {
  deletion_protection = true
  # other required fields here
}