This rule states that RDS DB instances must have deletion protection enabled to enhance data security.
Rule | RDS DB instances should have deletion protection enabled |
Framework | Federal Financial Institutions Examination Council (FFIEC) |
Severity | Critical |
Rule Description:
RDS DB instances should have deletion protection enabled to comply with the security requirements set forth by the Federal Financial Institutions Examination Council (FFIEC). Deletion protection ensures that accidental or unauthorized deletion of critical database instances is prevented, reducing the risk of data loss or unauthorized access.
Troubleshooting Steps:
If deletion protection is not already enabled for your RDS DB instances, follow the steps below to enable it:
Identify the RDS DB Instances: Determine the RDS DB instances that need deletion protection and ensure that they are in active status.
Enable Deletion Protection: Access the AWS Management Console or use AWS CLI or SDKs to enable deletion protection.
AWS Management Console:
AWS CLI:
Open the AWS CLI or command prompt.
Execute the following command to enable deletion protection for the RDS DB instance:
aws rds modify-db-instance --db-instance-identifier <db-instance-identifier> --deletion-protection
Replace <db-instance-identifier> with the identifier of the RDS DB instance.
Verify Deletion Protection: Confirm that the setting is now enabled on the instance.
AWS Management Console:
AWS CLI:
Execute the following AWS CLI command to describe the RDS DB instance and verify deletion protection:
aws rds describe-db-instances --db-instance-identifier <db-instance-identifier> --query 'DBInstances[0].DeletionProtection'
Replace <db-instance-identifier> with the identifier of the RDS DB instance.
Additional Notes:
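The check and remediation above are written for one instance at a time. The following added example (not part of this rule page or of any AWS tooling) audits the JSON returned by `aws rds describe-db-instances` for every instance at once, filters on the `available` status that the first step calls "active", and builds the matching modify commands. The sample output is constructed for the example; the instance names are invented. It also covers one case the rule text does not mention: instances that belong to an Aurora cluster carry deletion protection on the cluster, so the command for them targets `modify-db-cluster`.

```python
import json

# Constructed sample in the shape of `aws rds describe-db-instances` output;
# all identifiers and values here are invented for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "DBInstances": [
        {"DBInstanceIdentifier": "ledger-prod", "DBInstanceStatus": "available",
         "DeletionProtection": True},
        {"DBInstanceIdentifier": "reports-prod", "DBInstanceStatus": "available",
         "DeletionProtection": False},
        {"DBInstanceIdentifier": "scratch-dev", "DBInstanceStatus": "stopped",
         "DeletionProtection": False},
        {"DBInstanceIdentifier": "aurora-prod-instance-1", "DBInstanceStatus": "available",
         "DeletionProtection": False, "DBClusterIdentifier": "aurora-prod"},
    ]
})


def find_unprotected(describe_json, only_available=True):
    """Return (instance_id, cluster_id_or_None) for every instance whose
    DeletionProtection flag is not set. Instances in an Aurora cluster are
    reported with their cluster id because the setting lives on the cluster."""
    data = json.loads(describe_json)
    findings = []
    for inst in data.get("DBInstances", []):
        if only_available and inst.get("DBInstanceStatus") != "available":
            continue
        # A missing flag is treated as unprotected, never as compliant.
        if inst.get("DeletionProtection") is True:
            continue
        findings.append((inst["DBInstanceIdentifier"], inst.get("DBClusterIdentifier")))
    return findings


def remediation_commands(findings):
    """Build the AWS CLI commands that enable deletion protection per finding."""
    cmds = []
    for identifier, cluster in findings:
        if cluster:
            cmds.append(f"aws rds modify-db-cluster --db-cluster-identifier {cluster} "
                        "--deletion-protection")
        else:
            cmds.append(f"aws rds modify-db-instance --db-instance-identifier {identifier} "
                        "--deletion-protection")
    # Several instances may share one cluster; keep each command once, in order.
    return list(dict.fromkeys(cmds))


if __name__ == "__main__":
    for cmd in remediation_commands(find_unprotected(SAMPLE_DESCRIBE_OUTPUT)):
        print(cmd)
```

Feed it real output with `aws rds describe-db-instances --output json` and review the printed commands before running them, since the stopped instances it skips by default still need protection once they are started.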