Rule: RDS DB Instances Should Have Deletion Protection Enabled

This rule ensures RDS DB instances have deletion protection enabled to prevent accidental data loss.

Rule	RDS DB instances should have deletion protection enabled
Framework	SOC 2
Severity	✔ Critical

Rule Description: RDS DB instances should have deletion protection enabled for SOC 2

Rule Summary:

This rule requires that all RDS (Relational Database Service) DB instances have deletion protection enabled in order to meet the security and compliance requirements outlined by SOC 2.

Rule Details:

Deletion protection is a feature provided by AWS to prevent accidental or malicious deletion of RDS DB instances. By enabling deletion protection, it adds an additional layer of safeguarding to ensure the integrity and availability of the database. This feature is especially important when adhering to SOC 2 compliance, which requires robust controls to protect data.

Remediation Steps:

1.

Log in to the AWS Management Console.

2.
Navigate to the Amazon RDS service.
- Direct link: Amazon RDS

3.

In the RDS dashboard, click on "Databases" in the left sidebar.

4.

Identify the target RDS DB instance that needs deletion protection enabled.

5.

Select the DB instance by clicking on its name.

6.

In the details pane, click on the "Modify" button.

7.

Scroll down to the "Database Options" section.

8.

Enable the "Deletion Protection" checkbox.

9.

Click the "Apply Immediately" button to save the changes.

10.

Review the modifications and confirm by clicking the "Modify DB Instance" button.

Troubleshooting:

If the "Deletion Protection" checkbox is disabled or greyed out, it may indicate one of the following issues:

1.

Insufficient Permissions: Ensure that you have the necessary permissions to modify the RDS DB instance. Contact your AWS account administrator or IAM (Identity and Access Management) administrator to grant the required permissions.

2.

AWS RDS Engine Compatibility: Deletion protection may not be available for certain versions or types of RDS engines. Check the AWS documentation and verify if the engine and version of your RDS instance support deletion protection.

Additional Notes:

Deletion protection is a critical security control for protecting your RDS databases.
Enabling deletion protection can prevent accidental deletion of vital databases, protecting critical data from loss.
Always assess the impact of enabling deletion protection on your operational practices and ensure that appropriate safeguards are in place when managing RDS instances.

Rule: RDS DB Instances Should Have Deletion Protection Enabled

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Rule Summary:

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Rule Details:

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Remediation Steps:

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Troubleshooting:

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Additional Notes:

Is your System Free of Underlying Vulnerabilities? Find Out Now

Rule Summary:

Rule Details:

Remediation Steps:

Troubleshooting:

Additional Notes:

Is your System Free of Underlying Vulnerabilities?
Find Out Now