Ensure deletion protection is enabled for Amazon Relational Database Service (Amazon RDS) clusters

MEDIUM

Description

The Deletion Protection feature is disabled for one or more of your Aurora database clusters (provisioned or serverless), which may lead to unwanted data loss.

Remediation

In the AWS Console -

  1. Sign in to the AWS Console and open the RDS Console.
  2. Under Databases, choose the cluster you wish to edit.
  3. Select Modify.
  4. Under Additional Configuration, check the box next to Enable deletion protection.

In Terraform -

  1. In the aws_rds_cluster resource, set 'deletion_protection' to 'true'.
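
The two cluster definitions below are an added example, not code from this policy page: the first shows the non-compliant default and the second the remediated resource. The cluster identifiers, the `master_password` variable and the snapshot name are placeholders.

```hcl
# Added example: aws_rds_cluster with and without deletion protection.
# All identifiers and the password variable below are placeholders.

variable "master_password" {
  type      = string
  sensitive = true
}

# Non-compliant: deletion_protection is omitted, and the provider default is
# false, so a `terraform destroy`, a console click or an API call can remove
# the cluster. This is what rule AC_AWS_0188 flags.
resource "aws_rds_cluster" "noncompliant" {
  cluster_identifier  = "app-aurora-noncompliant"
  engine              = "aurora-mysql"
  master_username     = "admin"
  master_password     = var.master_password
  skip_final_snapshot = true
}

# Compliant: deletion_protection = true makes the cluster undeletable until
# the flag is explicitly set back to false and applied. Keeping a final
# snapshot adds a second layer of recovery if the cluster is ever removed.
resource "aws_rds_cluster" "compliant" {
  cluster_identifier        = "app-aurora"
  engine                    = "aurora-mysql"
  master_username           = "admin"
  master_password           = var.master_password
  deletion_protection       = true
  skip_final_snapshot       = false
  final_snapshot_identifier = "app-aurora-final"
}
```

With the flag set, `terraform destroy` fails on the cluster until a separate apply sets `deletion_protection = false`; that extra step is the intended safeguard, so treat any plan that flips the flag to false as a change worth reviewing.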

References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#deletion_protection

Policy Details

Rule Reference ID: AC_AWS_0188
CSP: AWS
Remediation Available: Yes
Resource: aws_rds_cluster
Resource Category: Database

Frameworks