Cluster Deletion Protection Should Be Enabled
More Info:
Amazon Aurora databases should be protected from accidental deletion. This is done by having Deletion Protection feature enabled at the database cluster level.Risk Level
MediumAddress
Operational Maturity, Reliability, SecurityCompliance Standards
HIPAATriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of “Cluster Deletion Protection Should Be Enabled” for an AWS RDS cluster using the AWS Management Console, follow these step-by-step instructions:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
- Navigate to the RDS Service: Click on the “Services” dropdown menu at the top of the console, and then select “RDS” under the Database category.
- Select the RDS Cluster: From the list of RDS clusters, select the cluster for which you want to enable deletion protection by clicking on its name.
- Enable Deletion Protection: In the cluster details page, click on the “Modify” button located at the top of the page.
- Enable Deletion Protection Option: Scroll down to the “Backup” section of the Modify Cluster page, and locate the “Deletion protection” option.
- Check the Box: Check the box next to “Enable deletion protection” to enable this feature for the RDS cluster.
- Save Changes: Scroll to the bottom of the page and click on the “Continue” button.
- Apply Changes: Review the changes you have made, and then click on the “Modify cluster” button to apply the changes.
- Verify Deletion Protection: Once the modification is complete, go back to the cluster details page, and confirm that the “Deletion protection” status is now enabled for the RDS cluster.
Using CLI
Using CLI
To remediate the misconfiguration “Cluster Deletion Protection Should Be Enabled” for an AWS RDS cluster using AWS CLI, follow these steps:
-
Open the AWS CLI and run the following command to enable deletion protection for the RDS cluster:
Replace
your-cluster-namewith the actual identifier of your RDS cluster. -
After running the command, AWS will return the configuration details of the modified RDS cluster. Verify that the
DeletionProtectionparameter is set totrueto confirm that deletion protection has been enabled successfully. -
You can also verify the deletion protection status of the RDS cluster by running the following command:
Replace
your-cluster-namewith the actual identifier of your RDS cluster. -
Check the output of the command to ensure that the
DeletionProtectionparameter is set totrue.
Using Python
Using Python
To remediate the misconfiguration of Cluster Deletion Protection not being enabled for an AWS RDS cluster using Python, you can follow these steps:By following these steps, you can remediate the misconfiguration of Cluster Deletion Protection not being enabled for an AWS RDS cluster using Python.
- Import the necessary libraries:
- Initialize the RDS client:
- Identify the RDS cluster for which you want to enable deletion protection. You can specify the cluster identifier or use describe_db_clusters to list all clusters and choose the one you want to update.
- Enable deletion protection for the identified RDS cluster:
- Verify the modification was successful: