Ensure that the Deletion Protection feature is enabled for your Aurora database clusters (provisioned and serverless)

Protect your Amazon Aurora databases against unintended deletion by enabling the Deletion Protection feature at the cluster level of your Aurora database.

Risk Level: Medium
Cloud Entity: Amazon RDS
CloudGuard Rule ID: D9.AWS.DR.09
Covered by Spectral: No
Category: Database

GSL LOGIC

RDSDBCluster where engine = 'aurora-mysql' should have deletionProtection = true

REMEDIATION

From Portal

  1. Access the RDS dashboard.
  2. Choose the specific database of interest.
  3. Proceed to the Configuration section.
  4. Scroll through the page to confirm the current status of deletion protection.

From Command Line
Run:

aws rds modify-db-cluster --region 'YOUR_REGION' --db-cluster-identifier 'YOUR_RDS_CLUSTER_NAME' --deletion-protection --apply-immediately
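
To find which clusters need the command above, the rule can be evaluated offline against the JSON returned by `aws rds describe-db-clusters`. The script below is an added example, not CloudGuard's own code. By default it goes beyond the GSL rule and checks every engine whose name starts with "aurora"; the sample cluster names and the region are constructed.

```python
import json
import shlex

# Constructed sample in the shape of `aws rds describe-db-clusters` output.
SAMPLE = json.dumps({
    "DBClusters": [
        {"DBClusterIdentifier": "orders-prod", "Engine": "aurora-mysql",
         "EngineMode": "provisioned", "DeletionProtection": True},
        {"DBClusterIdentifier": "reports-dev", "Engine": "aurora-mysql",
         "EngineMode": "serverless", "DeletionProtection": False},
        {"DBClusterIdentifier": "billing-pg", "Engine": "aurora-postgresql",
         "EngineMode": "provisioned"},  # field absent: treated as disabled
        {"DBClusterIdentifier": "legacy-multi-az", "Engine": "mysql",
         "EngineMode": "provisioned", "DeletionProtection": False},
    ]
})


def unprotected_aurora_clusters(describe_output, engines=None):
    """Return identifiers of Aurora clusters without deletion protection.

    engines=None matches every engine starting with "aurora"; pass
    {"aurora-mysql"} to mirror the GSL rule on this page exactly.
    """
    findings = []
    for cluster in json.loads(describe_output).get("DBClusters", []):
        engine = cluster.get("Engine", "")
        in_scope = engine in engines if engines else engine.startswith("aurora")
        # Only an explicit True passes; missing or False is a finding.
        if in_scope and cluster.get("DeletionProtection") is not True:
            findings.append(cluster["DBClusterIdentifier"])
    return findings


def remediation_commands(cluster_ids, region):
    """Build the page's modify-db-cluster command for each finding."""
    return [
        "aws rds modify-db-cluster --region {} --db-cluster-identifier {} "
        "--deletion-protection --apply-immediately".format(
            shlex.quote(region), shlex.quote(cid))
        for cid in cluster_ids
    ]


if __name__ == "__main__":
    for cmd in remediation_commands(unprotected_aurora_clusters(SAMPLE), "us-east-1"):
        print(cmd)
```

Replace SAMPLE with the real CLI output for each region in use, and review the printed commands before running them.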

References

  1. https://aws.amazon.com/rds/aurora/
  2. https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-rds-now-provides-database-deletion-protection/

Amazon RDS

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.

Compliance Frameworks

  • CloudGuard AWS All Rules Ruleset