Ensure that EC2 API termination protection is enabled

EC2 API termination protection setting prevents EC2 from being accidently terminated.

Risk Level: Low
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.CFT.OPE.06
Covered by Spectral: Yes
Category: Compute


AWS_EC2_Instance should have DisableApiTermination=true


From CFT
Set AWS::EC2::Instance DisableApiTermination property to true


  1. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination
  2. https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html#modify-instance-attribute

Amazon EC2 Instance

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

Compliance Frameworks

  • AWS CloudFormation ruleset