Termination Protection Should Be Enabled
More Info:
Ensuring Termination Protection feature is enabled for EC2 instances that are not part of ASGs.Risk Level
LowAddress
Reliability, SecurityCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the Termination Protection Should Be Enabled misconfiguration in AWS using the AWS console, follow these steps:
- Login to the AWS Management Console.
- Navigate to the EC2 Dashboard.
- Select the instance that you want to enable termination protection for.
- Click on the “Actions” button and select “Instance Settings”.
- Click on “Change Termination Protection”.
- Select the “Enable” option and click “Save”.
- A confirmation message will appear indicating that the termination protection has been enabled.
- Repeat steps 3-7 for each instance that needs termination protection enabled.
Using CLI
Using CLI
To remediate the misconfiguration “Termination Protection Should Be Enabled” for an EC2 instance in AWS using AWS CLI, follow the below steps:
- Open the AWS CLI on your local machine.
-
Run the following command to enable termination protection for an EC2 instance:
Replace
<instance-id>with the ID of the EC2 instance for which you want to enable termination protection. -
Verify that the termination protection is enabled for the instance by running the following command:
If the output shows
"Value": false, it means that termination protection is enabled for the instance. - Repeat the above steps for all the EC2 instances in your AWS account to ensure that termination protection is enabled for all of them.
Using Python
Using Python
The following steps can be followed to remediate the “Termination Protection Should Be Enabled” misconfiguration in AWS using Python:This will enable termination protection for all instances in your AWS account.
- Import the necessary libraries:
- Create an EC2 client:
- Get a list of all instances:
- Enable termination protection for each instance: