This rule ensures deletion protection is enabled for RDS DB instances.
Rule: RDS DB instances should have deletion protection enabled
Framework: GxP 21 CFR Part 11
Severity: ✔ Critical
Rule Description:
RDS (Relational Database Service) DB instances, which are utilized for storing sensitive data governed by GxP (Good Practice) regulations and 21 CFR Part 11, should have deletion protection enabled. This rule ensures that critical databases are not accidentally or maliciously deleted, protecting the integrity and availability of GxP compliant data.
Deletion protection adds an extra layer of security to RDS DB instances by preventing them from being deleted or terminated without explicitly disabling the protection feature. Enabling this protection ensures the continuity of GxP compliance and prevents the loss of crucial data.
Troubleshooting Steps (if applicable):
If deletion protection is not enabled for an RDS DB instance, and you are facing compliance concerns or data loss risks, follow these troubleshooting steps:
1. Verify RDS DB Instance Status: Check the status of your RDS DB instance using the Amazon RDS Management Console, AWS CLI, or AWS SDKs. Ensure that the instance is active and accessible.
2. Confirm GxP Compliance Requirements: Double-check if the GxP regulations and 21 CFR Part 11 specifically require deletion protection for your RDS DB instance. Review your organization's compliance policies and consult with relevant stakeholders if needed.
3. Validate Existing Deletion Protection: Verify if deletion protection is already enabled or disabled for the RDS DB instance. This can be done through the RDS Management Console or by executing appropriate AWS CLI commands.
4. Enable Deletion Protection: If deletion protection is not enabled, follow the step-by-step guide below to enable it on your RDS DB instance.
Step-by-Step Guide - Enabling Deletion Protection:
1. Open the AWS Management Console and navigate to the Amazon RDS service.
2. Select the region where your target RDS DB instance is located.
3. In the left navigation pane, click on "DB instances" to view all the existing RDS instances in that region.
4. Locate the specific RDS DB instance you want to enable deletion protection on and click on its identifier.
5. Under the "Instance actions" dropdown or tab, select "Modify".
6. In the "Modify DB Instance" wizard, scroll down to the "Deletion protection" section.
7. Tick the checkbox labeled "Enable deletion protection."
8. Review any other applicable settings or configurations that need modification and proceed accordingly.
9. Click on "Apply changes" to enable deletion protection for the RDS DB instance.
10. Once the modification is complete, verify that the deletion protection status is now enabled for your DB instance.
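The same check and fix can be scripted across many instances. The following is an added example, not part of the original rule text: it audits the JSON returned by `aws rds describe-db-instances` for the `DeletionProtection` field and prints the matching `aws rds modify-db-instance ... --deletion-protection` commands. The instance identifiers, the region and the function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample of `aws rds describe-db-instances --output json`, trimmed to
# the fields used here. All identifiers are made up for illustration.
SAMPLE_DESCRIBE_OUTPUT = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "gxp-batch-records", "Engine": "postgres",
   "DBInstanceStatus": "available", "DeletionProtection": false},
  {"DBInstanceIdentifier": "gxp-audit-trail", "Engine": "mysql",
   "DBInstanceStatus": "available", "DeletionProtection": true},
  {"DBInstanceIdentifier": "lims-staging", "Engine": "postgres",
   "DBInstanceStatus": "deleting", "DeletionProtection": false},
  {"DBInstanceIdentifier": "legacy-import", "Engine": "mysql",
   "DBInstanceStatus": "available"}
]}
""")


def audit_deletion_protection(describe_output):
    """Return (unprotected, skipped) lists of DB instance identifiers."""
    unprotected, skipped = [], []
    for db in describe_output.get("DBInstances", []):
        ident = db["DBInstanceIdentifier"]
        if db.get("DBInstanceStatus") == "deleting":
            skipped.append(ident)      # already being removed, nothing to fix
        elif not db.get("DeletionProtection", False):
            unprotected.append(ident)  # a missing field counts as unprotected
    return unprotected, skipped


def remediation_commands(identifiers, region):
    """Build one AWS CLI command per instance that turns the setting on."""
    return [
        "aws rds modify-db-instance --region {} --db-instance-identifier {} "
        "--deletion-protection".format(shlex.quote(region), shlex.quote(ident))
        for ident in identifiers
    ]


if __name__ == "__main__":
    failing, skipped = audit_deletion_protection(SAMPLE_DESCRIBE_OUTPUT)
    print("Non-compliant:", failing, "| skipped:", skipped)
    for cmd in remediation_commands(failing, "us-east-1"):  # region is assumed
        print(cmd)
```

Review the printed commands before running them, then re-run the audit against fresh `describe-db-instances` output to confirm every instance now reports `DeletionProtection` as true.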
Troubleshooting:
If you encounter any errors or face issues while enabling deletion protection, consider the following:
- Ensure Sufficient Permissions: Make sure you have the necessary IAM (Identity and Access Management) permissions to enable deletion protection for the RDS DB instance. Confirm that you have the required privileges and try again.
- Check RDS DB Instance Compatibility: Deletion protection might not be available for all RDS instance types or versions. Verify the compatibility of your DB instance type with deletion protection and consider upgrading if required.
- Reach Out for Assistance: If you continue to face difficulties in enabling deletion protection or have additional concerns, contact AWS support or seek assistance from an AWS Certified Solutions Architect or DBA expert.
Recommended Best Practices:
By following these guidelines and enabling deletion protection for GxP and 21 CFR Part 11 compliant RDS DB instances, you can ensure data integrity, availability, and compliance within your organization.