[RDS.7]
RDS clusters should have deletion protection enabled
Description
All RDS DB clusters must have deletion protection enabled. Deletion protection provides an added layer of security in case a database is deleted by accident or by an unauthorized entity. An RDS cluster with deletion protection enabled cannot be deleted until deletion protection is disabled. This rule is COMPLIANT when a cluster has deletion protection enabled.
Details
Property | Value |
---|---|
Category | Protect > Data protection > Data deletion protection |
Compliance Control ID | RDS.7 |
FortifyFox ID | FF100035 |
Link | RDS.7 Compliance |
Resource Type(s) | AWS::RDS::DBCluster |
Severity | Low |
Remediation
Use the following CloudFormation templates to deploy an RDS DB cluster that is compliant with RDS.7:
YAML Template
Resources:
  rdsDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      DeletionProtection: true
JSON Template
{
  "Resources": {
    "rdsDBCluster": {
      "Type": "AWS::RDS::DBCluster",
      "Properties": {
        "DeletionProtection": true
      }
    }
  }
}