Login

Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: RDS DB Instances Deletion Protection Enabled

Ensure RDS DB instances have deletion protection enabled to prevent accidental deletion.

RuleRDS DB instances should have deletion protection enabled
FrameworkNIST 800-53 Revision 5
Severity
Critical

Rule Description:

RDS DB instances should have deletion protection enabled to ensure compliance with NIST 800-53 Revision 5. This rule ensures that accidental or unauthorized deletion of RDS DB instances is prevented to guarantee data integrity, availability, and security.

Deletion protection is a feature provided by Amazon RDS that prevents the deletion of a DB instance. When deletion protection is enabled, attempts to delete the RDS DB instance through the AWS Management Console, CLI, or API will be blocked.

Troubleshooting Steps:

If deletion protection is not already enabled for an RDS DB instance, follow the steps below to enable it:

  2. 1.
    Step 1: Log in to the AWS Management Console.
  4. 2.
    Step 2: Navigate to the Amazon RDS service.
  6. 3.
    Step 3: Select the appropriate region where the RDS DB instance is located.
  8. 4.
    Step 4: In the left-hand sidebar, click on "Databases" to view a list of your RDS instances.
  10. 5.
    Step 5: Locate the DB instance for which deletion protection needs to be enabled.
  12. 6.
    Step 6: Click on the DB instance name to open its details page.
  14. 7.
    Step 7: Under the "Additional Configuration" section, find the "Deletion Protection" option and click on "Modify".
  16. 8.
    Step 8: Check the box next to "Enable deletion protection" and click on "Apply immediately".
  18. 9.
    Step 9: Confirm the changes by clicking on the "Modify DB Instance" button.

Necessary Code:

No code is required for this rule.

Remediation:

To enable deletion protection for an RDS DB instance, follow the step-by-step guide below:

  2. 1.
    Log in to the AWS Management Console.
  4. 2.
    Navigate to the Amazon RDS service.
  6. 3.
    Select the appropriate region where the RDS DB instance is located.
  8. 4.
    In the left-hand sidebar, click on "Databases" to view a list of your RDS instances.
  10. 5.
    Locate the DB instance for which deletion protection needs to be enabled.
  12. 6.
    Click on the DB instance name to open its details page.
  14. 7.
    Under the "Additional Configuration" section, find the "Deletion Protection" option and click on "Modify".
  16. 8.
    Check the box next to "Enable deletion protection" and click on "Apply immediately".
  18. 9.
    Confirm the changes by clicking on the "Modify DB Instance" button.

Once deletion protection is enabled for the RDS DB instance, any attempts to delete it will be blocked, preventing accidental or unauthorized deletions and enhancing the security and availability of your data.

Is your System Free of Underlying Vulnerabilities?
Find Out Now