Ensure that Deletion Protection feature is enabled for your Aurora database clusters (provisioned and serverless)
Guarantee the safeguarding of your Amazon Aurora databases against unintended deletion by activating the Deletion Protection feature at the cluster level of your Aurora database.
Risk Level: Medium
Cloud Entity: Amazon RDS
CloudGuard Rule ID: D9.AWS.DR.09
Covered by Spectral: No
Category: Database
GSL LOGIC
RDSDBCluster where engine = 'aurora-mysql' should have deletionProtection = true
REMEDIATION
From Portal
- Access the RDS dashboard.
- Choose the specific database of interest.
- Proceed to the Configuration section.
- Scroll through the page to confirm the current status of deletion protection.
From Command Line
RUN
aws rds modify-db-cluster--region 'YOUR_REGION'' --db-cluster-identifier 'YOUR_RDS_CLUSTER_NAME' --deletion-protection --apply-immediately
References
- https://aws.amazon.com/rds/aurora/
- https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-rds-now-provides-database-deletion-protection/
Amazon RDS
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.
Compliance Frameworks
- CloudGuard AWS All Rules Ruleset
Updated over 1 year ago