Ensure that RDS clusters have deletion protection enabled so that they cannot be deleted accidentally or maliciously.
Rule | RDS clusters should have deletion protection enabled |
Framework | AWS Foundational Security Best Practices |
Severity | ✔ Low |
Rule Description
RDS (Relational Database Service) clusters should have deletion protection enabled in order to comply with AWS Foundational Security Best Practices. Deletion protection helps prevent accidental or malicious deletion of a cluster and its associated resources. When deletion protection is enabled, it requires an explicit action to remove the cluster, reducing the risk of data loss and operational disruptions.
Troubleshooting Steps (if applicable)
If deletion protection is not enabled for an RDS cluster, you may encounter the following issues:
Risk of accidental deletion: Without deletion protection, there is a higher chance of accidentally deleting an RDS cluster and its associated resources, leading to data loss and service disruption.
Compliance violations: Not having deletion protection enabled can result in non-compliance with AWS Foundational Security Best Practices.
Code
Enabling deletion protection for an RDS cluster does not involve application code. It is a configuration option that is enabled through the AWS Management Console or the AWS Command Line Interface (CLI).
Step-by-Step Guide
To enable deletion protection for an RDS cluster, follow these steps:
Step 1: Log in to the AWS Management Console or open the AWS CLI.
Step 2: Navigate to the RDS service.
Step 3: Choose the specific region where the RDS cluster is located.
Step 4: Select the RDS cluster for which you want to enable deletion protection.
Step 5: In the cluster details page, click on the "Modify" button.
Step 6: In the "Modify cluster" page, scroll down to the "Deletion protection" section.
Step 7: Enable the "Enable deletion protection" option by checking the checkbox.
Step 8: Review any additional settings or parameters you want to modify, if applicable.
Step 9: Click on the "Apply immediately" button to save the changes.
Step 10: Wait for the modification to complete. This may take a few minutes.
Step 11: Verify that deletion protection is enabled by checking the cluster details page again. The status should show "Deletion Protection: Enabled."
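The console steps above have a CLI equivalent. The script below is an added example, not part of the original page: it lists the clusters in a region that have deletion protection off, enables it with `aws rds modify-db-cluster --deletion-protection`, and re-reads the setting to confirm. The region default, the `DRY_RUN` switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit RDS clusters for deletion
# protection and enable it where it is off, using the AWS CLI.
# Assumptions: the AWS CLI is installed and configured with permission for
# rds:DescribeDBClusters and rds:ModifyDBCluster; the region default is a placeholder.
REGION="${AWS_REGION:-us-east-1}"

# Print the identifier of each cluster in REGION whose DeletionProtection is
# false, one per line (text output is tab-separated, so split on tabs).
list_unprotected_clusters() {
  aws rds describe-db-clusters --region "$REGION" --output text \
    --query 'DBClusters[?DeletionProtection==`false`].DBClusterIdentifier' |
    tr '\t' '\n' | sed '/^$/d'
}

# Print "true" or "false" for one cluster (text output capitalises booleans).
deletion_protection_status() {
  aws rds describe-db-clusters --region "$REGION" --output text \
    --db-cluster-identifier "$1" \
    --query 'DBClusters[0].DeletionProtection' | tr '[:upper:]' '[:lower:]'
}

# Enable deletion protection on one cluster, then re-read the setting so a
# silently ignored change is reported as a failure.
enable_deletion_protection() {
  aws rds modify-db-cluster --region "$REGION" \
    --db-cluster-identifier "$1" --deletion-protection >/dev/null || return 1
  status=$(deletion_protection_status "$1")
  [ "$status" = "true" ]
}

# Walk every unprotected cluster. DRY_RUN=1 (the default) only reports what
# would change; DRY_RUN=0 applies the change. Returns non-zero on any failure.
remediate_all() {
  failed=0
  for id in $(list_unprotected_clusters); do
    if [ "${DRY_RUN:-1}" = "1" ]; then
      echo "WOULD-ENABLE $id"
    elif enable_deletion_protection "$id"; then
      echo "ENABLED $id"
    else
      echo "FAILED $id"; failed=1
    fi
  done
  return "$failed"
}

# Run only when asked, so the functions can also be sourced: sh script.sh run
if [ "${1:-}" = "run" ]; then remediate_all; fi
```

Run it once with the default `DRY_RUN=1` to review the list, then with `DRY_RUN=0` to apply the change in each region that hosts clusters.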
Note
Enabling deletion protection for an RDS cluster adds an extra layer of security, but it is itself a cluster setting: anyone who can modify the cluster configuration can turn it off again. Ensure that you have proper access controls in place and follow security best practices to prevent unauthorized access to the RDS cluster configuration.