Ensure deletion protection is enabled for AWS DocumentDB Clusters

MEDIUM

Description

Deletion protection is disabled on the AWS DocumentDB cluster. Without it, a single delete request removes the cluster, which may lead to accidental deletion of AWS DocumentDB clusters and data loss.

Remediation

In AWS Console -

  1. Sign in to the AWS Console, and go to the Amazon DocumentDB console.
  2. Select Clusters in the navigation pane.
  3. Select the cluster that you want to modify.
  4. Select Actions, and then choose Modify.
  5. Go to deletion protection and enable it.

In Terraform -

  1. In the aws_docdb_cluster resource, set the deletion_protection argument to true (it defaults to false when omitted).
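The non-compliant and remediated forms of the Terraform resource side by side, as an added example that is not part of the original policy text. Cluster identifiers and the credential variables are placeholders.

```hcl
# Added example (not from the original page): placeholder variables so the
# file is self-contained; supply real values through a tfvars file or secrets.
variable "master_username" { type = string }
variable "master_password" {
  type      = string
  sensitive = true
}

# Non-compliant: deletion_protection is omitted and therefore false, so a
# console delete, a DeleteDBCluster API call or `terraform destroy` removes
# the cluster and its data with no further check.
resource "aws_docdb_cluster" "noncompliant" {
  cluster_identifier  = "docdb-example-noncompliant" # placeholder
  engine              = "docdb"
  master_username     = var.master_username
  master_password     = var.master_password
  skip_final_snapshot = true
}

# Compliant: with deletion_protection = true, AWS rejects delete requests for
# the cluster until the flag is explicitly set back to false and applied.
# A final snapshot is also retained so data survives an intentional teardown.
resource "aws_docdb_cluster" "compliant" {
  cluster_identifier        = "docdb-example-compliant" # placeholder
  engine                    = "docdb"
  master_username           = var.master_username
  master_password           = var.master_password
  deletion_protection       = true
  skip_final_snapshot       = false
  final_snapshot_identifier = "docdb-example-compliant-final" # placeholder

  # Optional extra guard on the Terraform side: prevent_destroy makes a plan
  # that would destroy this resource fail before any API call is made.
  lifecycle {
    prevent_destroy = true
  }
}
```

Note that deletion_protection guards the cluster at the AWS API level, while lifecycle.prevent_destroy only guards Terraform plans; the two are complementary rather than interchangeable.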

References:
https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-delete.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#deletion_protection

Policy Details

Rule Reference ID: AC_AWS_0075
CSP: AWS
Remediation Available: Yes
Resource Category: Database
Resource Type: DocDB

Frameworks