
Rule: RDS DB Instances Should Have Deletion Protection Enabled

This rule ensures that RDS DB instances have deletion protection enabled to prevent accidental deletion.

Rule: RDS DB instances should have deletion protection enabled
Framework: NIST 800-53 Revision 5
Severity: Critical

Rule Description

RDS DB instances should have deletion protection enabled to ensure compliance with NIST 800-53 Revision 5. Deletion protection prevents accidental deletion or termination of RDS instances, preserving critical data and ensuring the availability of the database.

Troubleshooting Steps

If deletion protection is not enabled for an RDS DB instance, follow these troubleshooting steps:

  1. Verify the RDS DB instance: Confirm that deletion protection is actually disabled on the RDS DB instance in question. The setting is visible in the AWS Management Console or can be read with the AWS CLI.

  2. Confirm the NIST 800-53 Revision 5 requirement: Ensure that the specific control from NIST 800-53 Revision 5 you are mapping to necessitates deletion protection for RDS instances.

  3. Check AWS account permissions: Verify that the identity you are using has sufficient IAM permissions to modify the RDS DB instance and enable deletion protection.

  4. Review the RDS instance configuration: Examine the instance configuration for any misconfiguration or discrepancy that could be preventing deletion protection from being enabled.

  5. Ensure appropriate data backups: While enabling deletion protection, also confirm that automated backups are configured so that data can be recovered if anything unforeseen happens.

Necessary Codes

No specific codes are required for this rule/policy.

Remediation Steps

Follow these steps to enable deletion protection for an RDS DB instance:

  1. AWS Management Console:

    • Select the appropriate region.
    • Choose "Databases" from the left-hand menu.
    • Click on the desired RDS DB instance.
    • In the "Actions" dropdown menu, select "Modify".
    • Scroll down to the "Additional Configuration" section.
    • Enable the "Deletion protection" option.
    • Click "Continue" and then "Modify DB instance" to save the changes.

  2. AWS CLI:

    • Open a command-line interface with the AWS CLI installed.
    • Run the following AWS CLI command, replacing <db-instance-identifier> with the identifier (name) of the RDS DB instance, which is what the --db-instance-identifier parameter expects:
      aws rds modify-db-instance --db-instance-identifier <db-instance-identifier> --deletion-protection
    • Verify that the command executes successfully without any errors.
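The verification step above (reading the setting with the AWS CLI) and the CLI remediation step can be combined into a small audit: feed the JSON that `aws rds describe-db-instances --output json` returns into a script that lists every instance without deletion protection and prints the exact modify command for each. The following Python is an added example, not code from this page or from Cloud Defense; the JSON below is a constructed sample in the shape of that CLI output (identifiers and the 123456789012 account number are made up), and the `find_unprotected` and `remediation_commands` function names are my own. It goes slightly beyond the page's single-instance command by handling a missing `DeletionProtection` key and by routing Aurora cluster members to `modify-db-cluster`, because for Aurora the setting lives on the cluster rather than the instance.

```python
import json
from typing import Dict, List

# Constructed sample in the shape of `aws rds describe-db-instances --output json`.
# Instance names are invented; the account id is the one AWS uses in its own documentation.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "DBInstances": [
        {
            "DBInstanceIdentifier": "orders-prod",
            "DBInstanceArn": "arn:aws:rds:us-east-1:123456789012:db:orders-prod",
            "Engine": "postgres",
            "DeletionProtection": True,
        },
        {
            "DBInstanceIdentifier": "analytics-dev",
            "DBInstanceArn": "arn:aws:rds:us-east-1:123456789012:db:analytics-dev",
            "Engine": "mysql",
            "DeletionProtection": False,
        },
        {
            # Key absent: treat as unprotected rather than silently passing it.
            "DBInstanceIdentifier": "legacy-mysql",
            "DBInstanceArn": "arn:aws:rds:us-east-1:123456789012:db:legacy-mysql",
            "Engine": "mysql",
        },
        {
            # Aurora member: the instance-level flag is not authoritative, the cluster's is.
            "DBInstanceIdentifier": "aurora-reader-1",
            "DBInstanceArn": "arn:aws:rds:us-east-1:123456789012:db:aurora-reader-1",
            "Engine": "aurora-postgresql",
            "DBClusterIdentifier": "aurora-prod",
            "DeletionProtection": False,
        },
    ]
})


def find_unprotected(describe_json: str) -> List[Dict]:
    """Return the DBInstances entries whose DeletionProtection is false or missing."""
    data = json.loads(describe_json)
    return [
        inst for inst in data.get("DBInstances", [])
        if not inst.get("DeletionProtection", False)
    ]


def remediation_commands(describe_json: str, region: str) -> List[str]:
    """Build one AWS CLI command per finding.

    Standalone instances get `modify-db-instance` with the plain instance identifier,
    which is what --db-instance-identifier expects. Aurora members are collapsed to one
    `modify-db-cluster` command per cluster; check the cluster's own DeletionProtection
    with `describe-db-clusters` before running it, since this output cannot see it.
    """
    commands: List[str] = []
    seen_clusters = set()
    for inst in find_unprotected(describe_json):
        cluster = inst.get("DBClusterIdentifier")
        if cluster:
            if cluster in seen_clusters:
                continue
            seen_clusters.add(cluster)
            commands.append(
                f"aws rds modify-db-cluster --region {region} "
                f"--db-cluster-identifier {cluster} --deletion-protection"
            )
        else:
            commands.append(
                f"aws rds modify-db-instance --region {region} "
                f"--db-instance-identifier {inst['DBInstanceIdentifier']} --deletion-protection"
            )
    return commands


if __name__ == "__main__":
    # In real use, replace SAMPLE_DESCRIBE_OUTPUT with the captured CLI output for a region.
    for inst in find_unprotected(SAMPLE_DESCRIBE_OUTPUT):
        print(f"FINDING: {inst['DBInstanceArn']} has deletion protection disabled")
    for cmd in remediation_commands(SAMPLE_DESCRIBE_OUTPUT, "us-east-1"):
        print(cmd)
```

Run it once per region against the real `describe-db-instances` output, review the printed commands, and execute only those you intend; treating a missing key as a finding keeps the check conservative, and the cluster branch stops the script from producing commands that would fail against Aurora instances.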

Conclusion

Enabling deletion protection for RDS DB instances ensures that accidental deletion or termination is prevented, aligning with the requirements of NIST 800-53 Revision 5. Following the troubleshooting steps and remediation guidelines provided in this document will help achieve and maintain compliance.
