Triage and Remediation
Remediation
Using Console
To enable deletion protection on a DocumentDB cluster in AWS that does not have it, follow these step-by-step instructions using the AWS Management Console:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
- Navigate to the Amazon DocumentDB Console: Click on the “Services” dropdown menu at the top of the page, then select “DocumentDB” under the Database category.
- Select the DocumentDB Cluster: In the DocumentDB dashboard, locate the DocumentDB cluster that you want to enable deletion protection for, and click on its name to access its details.
- Open the Modify Page: On the cluster details page, click on the “Modify” button at the top right corner.
- Locate the Deletion Protection Option: Scroll down to the “Deletion protection” section on the Modify cluster settings page.
- Enable Deletion Protection: Check the box next to “Enable deletion protection” to turn on deletion protection for the DocumentDB cluster.
- Save Changes: Scroll down to the bottom of the page and click on the “Modify cluster” button to save the changes.
- Verify Deletion Protection: Once the modification is completed, go back to the DocumentDB cluster details page and ensure that the deletion protection status is now enabled.
Using CLI
To enable deletion protection on a DocumentDB cluster in AWS that does not have it using the AWS CLI, follow these steps:
- Install and Configure AWS CLI: If you haven’t already, install the AWS CLI and configure it with the necessary credentials by running:
  Follow the prompts to input your AWS Access Key ID, Secret Access Key, default region, and default output format.
- Enable Deletion Protection for the DocumentDB Cluster: Run the following AWS CLI command to enable deletion protection for your DocumentDB cluster:
  Replace `YOUR_CLUSTER_IDENTIFIER` with the actual identifier of your DocumentDB cluster.
- Verify the Deletion Protection Status: To verify that deletion protection has been successfully enabled for your DocumentDB cluster, you can describe the cluster using the following command:
  Ensure that the `DeletionProtection` attribute in the output is set to `true`.
Using Python
To enable deletion protection on an Amazon DocumentDB cluster in AWS that does not have it using Python, you can use the AWS SDK for Python (boto3) to update the cluster configuration. Here are the step-by-step instructions:
- Install the AWS SDK for Python (boto3) if you haven’t already:
- Create a Python script with the following code to enable deletion protection for the DocumentDB cluster:
- Replace `'your-cluster-identifier'` with the actual identifier of your DocumentDB cluster.
- Run the Python script. This will enable deletion protection for the specified DocumentDB cluster.
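A script for the Python steps above, as an added example that is not the original page's code: it uses the boto3 `docdb` client's `describe_db_clusters` and `modify_db_cluster` calls, and goes beyond the single-cluster case by remediating every unprotected DocumentDB cluster in the region when no identifier is passed. The function names are chosen for this example, and it assumes credentials and a default region are already configured.

```python
"""Enable deletion protection on Amazon DocumentDB clusters with boto3."""
import sys


def find_unprotected(client):
    """Return identifiers of DocumentDB clusters with DeletionProtection off."""
    unprotected, marker = [], None
    while True:
        # The docdb API can also list RDS and Neptune clusters in the account,
        # so restrict the listing to the docdb engine.
        kwargs = {"Filters": [{"Name": "engine", "Values": ["docdb"]}]}
        if marker:
            kwargs["Marker"] = marker
        page = client.describe_db_clusters(**kwargs)
        for cluster in page.get("DBClusters", []):
            if not cluster.get("DeletionProtection", False):
                unprotected.append(cluster["DBClusterIdentifier"])
        marker = page.get("Marker")  # present only when more results remain
        if not marker:
            return unprotected


def enable_deletion_protection(client, cluster_id):
    """Turn deletion protection on, then re-read the cluster to confirm."""
    client.modify_db_cluster(DBClusterIdentifier=cluster_id, DeletionProtection=True)
    resp = client.describe_db_clusters(DBClusterIdentifier=cluster_id)
    return resp["DBClusters"][0].get("DeletionProtection") is True


def remediate(client, cluster_ids=None):
    """Remediate the given clusters, or every unprotected one if none given."""
    targets = cluster_ids or find_unprotected(client)
    return {cid: enable_deletion_protection(client, cid) for cid in targets}


if __name__ == "__main__":
    import boto3  # imported here so the functions above can be tested offline

    # Usage: python script.py [cluster-identifier ...]
    results = remediate(boto3.client("docdb"), sys.argv[1:])
    for cid, ok in results.items():
        print(f"{cid}: {'protected' if ok else 'NOT protected'}")
    sys.exit(0 if all(results.values()) else 1)
```

The script exits non-zero if any cluster still reports `DeletionProtection` as off after the change, so it can gate a pipeline step.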