Rule: RDS DB Instances Deletion Protection Enabled

Ensure all RDS DB instances have deletion protection enabled to prevent accidental data loss.

Rule: RDS DB instances should have deletion protection enabled
Framework: CISA-cyber-essentials
Severity: Critical

Ensuring Deletion Protection is Enabled for Amazon RDS Instances in Compliance with CISA Cyber Essentials

Rule Description

Amazon RDS Deletion Protection is a feature designed to prevent accidental deletion of a database instance. This is crucial for adhering to best practices for data protection and ensuring that critical databases cannot be inadvertently removed. Compliance with the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Essentials requires that such safeguards are in place to protect essential data.

Deletion Protection must be enabled for each Amazon RDS instance. While it is enabled, the instance cannot be deleted until the setting is explicitly turned off, which makes it an important part of a robust cybersecurity posture.

Troubleshooting Steps

If you discover that a database instance does not have deletion protection enabled, you should:

  1. Verify the instance's current settings: Check whether the Deletion Protection feature is currently turned off.
  2. Determine the appropriate state: Decide whether the instance should indeed have this protection based on its importance and compliance requirements.
  3. Enable Deletion Protection: If it should be enabled, modify the instance's settings to turn on Deletion Protection.

Remediation Steps

Enable Deletion Protection Using the AWS Management Console:

  1. Open the Amazon RDS console at https://console.aws.amazon.com/rds/.
  2. In the navigation pane, choose "Databases."
  3. Select the database instance you want to modify.
  4. Click on "Modify."
  5. Scroll down to the "Deletion protection" section.
  6. Check the box next to "Enable Deletion Protection."
  7. Scroll to the bottom of the page and click "Continue."
  8. Review the changes and click "Modify DB Instance."

Enable Deletion Protection Using AWS CLI:

Execute the following AWS CLI command to enable deletion protection for a specific RDS DB instance:

aws rds modify-db-instance \
    --db-instance-identifier <your-db-instance-identifier> \
    --deletion-protection \
    --apply-immediately

Replace <your-db-instance-identifier> with the actual identifier of your RDS instance.

Enable Deletion Protection Using AWS CloudFormation:

To define deletion protection in a CloudFormation template, include the DeletionProtection property in the AWS::RDS::DBInstance resource definition:

Resources:
  MyDBInstance:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      # ... other properties ...
      DeletionProtection: true

Note:

  • The --apply-immediately flag in the AWS CLI command will apply the change immediately. If you omit this option, the change will occur during the next maintenance window.
  • Enabling deletion protection can be performed on both existing and new RDS instances.
  • Remember to have the necessary permissions assigned to your AWS IAM role to perform these operations.

Also, ensure you monitor your RDS instances regularly using AWS tools such as AWS Config or third-party services for continuous compliance.
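
One way to run the verification step across every instance in an account, as an added example that is not CloudDefense's or AWS's own code: the script reads the JSON printed by `aws rds describe-db-instances --output json` and builds the modify command shown above for each finding. The sample identifiers are constructed, and reporting cluster members separately (on the assumption that their protection is managed on the DB cluster) goes beyond the single-instance case on this page.

```python
import json
import shlex
import sys

# Constructed sample in the shape of `aws rds describe-db-instances --output json`;
# identifiers are made up and only the fields the audit reads are present.
SAMPLE = json.dumps({"DBInstances": [
    {"DBInstanceIdentifier": "orders-prod", "DBInstanceStatus": "available",
     "DeletionProtection": False},
    {"DBInstanceIdentifier": "billing-prod", "DBInstanceStatus": "available",
     "DeletionProtection": True},
    {"DBInstanceIdentifier": "scratch-old", "DBInstanceStatus": "deleting",
     "DeletionProtection": False},
    {"DBInstanceIdentifier": "catalog-1", "DBInstanceStatus": "available",
     "DeletionProtection": False, "DBClusterIdentifier": "catalog"},
    {"DBInstanceIdentifier": "legacy-report", "DBInstanceStatus": "stopped"},
]})


def audit(describe_json):
    """Return (instance ids lacking protection, cluster ids to check separately)."""
    unprotected, clusters = [], set()
    for db in json.loads(describe_json).get("DBInstances", []):
        if db.get("DBInstanceStatus") == "deleting":
            continue  # already being removed, nothing left to protect
        if db.get("DBClusterIdentifier"):
            # Assumption: cluster members are protected via the DB cluster setting.
            clusters.add(db["DBClusterIdentifier"])
        elif db.get("DeletionProtection") is not True:
            # A missing key counts as "not enabled" (fail closed).
            unprotected.append(db["DBInstanceIdentifier"])
    return sorted(unprotected), sorted(clusters)


def remediation_commands(instance_ids):
    """Build the page's modify-db-instance command for each finding."""
    return [shlex.join(["aws", "rds", "modify-db-instance",
                        "--db-instance-identifier", i,
                        "--deletion-protection", "--apply-immediately"])
            for i in instance_ids]


if __name__ == "__main__":
    bad, clusters = audit(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    print("\n".join(remediation_commands(bad)))
    for c in clusters:
        print(f"# check deletion protection on DB cluster: {c}")
    sys.exit(1 if bad else 0)
```

Pipe live output in with `aws rds describe-db-instances --output json | python3 audit.py` (the file name is arbitrary). The exit status is non-zero when any standalone instance is unprotected, which makes the script usable as a scheduled check.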
