Ensure deletion protection is enabled for AWS QLDB Ledger

MEDIUM

Description

Without deletion protection, an AWS QLDB ledger can be deleted, which can impact the availability of its data.

Remediation

Deletion protection for QLDB is enabled by default when using Terraform, but the setting can be overridden. For additional security considerations, see the AWS documentation.

In Terraform -

  1. In the aws_qldb_ledger resource, set the deletion_protection field to true.
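
One way to check for the override before apply, as an added example that is not the policy engine's own code: the script walks the JSON that `terraform show -json` produces for a plan and reports every aws_qldb_ledger whose deletion_protection is not true. The sample plan and the resource names in it are constructed, and treating an absent value as the provider default (enabled) is an assumption.

```python
import json

# Constructed sample: trimmed output of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "aws_qldb_ledger.audit", "type": "aws_qldb_ledger",
         "values": {"name": "audit", "permissions_mode": "STANDARD",
                    "deletion_protection": true}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "values": {"bucket": "example-logs"}}
      ],
      "child_modules": [
        {"address": "module.scratch",
         "resources": [
           {"address": "module.scratch.aws_qldb_ledger.tmp",
            "type": "aws_qldb_ledger",
            "values": {"name": "tmp", "permissions_mode": "STANDARD",
                       "deletion_protection": false}}
         ]}
      ]
    }
  }
}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def unprotected_ledgers(plan):
    """Return addresses of aws_qldb_ledger resources without deletion protection."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "aws_qldb_ledger":
            continue
        # Assumption: an absent value means the provider default (enabled) applies.
        if res.get("values", {}).get("deletion_protection", True) is not True:
            findings.append(res["address"])
    return findings

if __name__ == "__main__":
    for address in unprotected_ledgers(SAMPLE_PLAN):
        print(f"AC_AWS_0184: {address} has deletion_protection disabled")
```
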

Resources:
https://docs.aws.amazon.com/qldb/latest/developerguide/what-is.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/qldb_ledger#deletion_protection

Policy Details

Rule Reference ID: AC_AWS_0184
CSP: AWS
Remediation Available: Yes
Domain: Resilience
Resource: aws_qldb_ledger
Resource Category: Database
Resource Type: QLDB

Frameworks