[RDS.8]
RDS DB instances should have deletion protection enabled
Description
RDS DB instances that use one of the following database engines:
databaseEngines: mariadb,mysql,oracle-ee,oracle-se2,oracle-se1,oracle-se,postgres,sqlserver-ee,sqlserver-se,sqlserver-ex,sqlserver-web
must have deletion protection enabled. Deletion protection provides an added layer of security in case a database is deleted by accident or by an unauthorized entity. An RDS instance with deletion protection enabled cannot be deleted unless deletion protection is first disabled. This rule is COMPLIANT when an instance has deletion protection enabled.
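The rule described above can be evaluated offline against the output of the RDS DescribeDBInstances API. The following is an added example, not FortifyFox or AWS code: the sample response is constructed, and two choices are assumptions of this example, namely treating engines outside the list as NOT_APPLICABLE and treating a missing DeletionProtection field as non-compliant.

```python
# Added example: evaluate RDS.8 over a DescribeDBInstances-style response.
import json

# Engine list exactly as given in the control description.
RDS8_ENGINES = frozenset(
    "mariadb,mysql,oracle-ee,oracle-se2,oracle-se1,oracle-se,postgres,"
    "sqlserver-ee,sqlserver-se,sqlserver-ex,sqlserver-web".split(",")
)

def evaluate_instance(instance):
    """Return COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE for one DB instance."""
    if instance.get("Engine") not in RDS8_ENGINES:
        # Assumption: engines outside the list are out of scope for this rule.
        return "NOT_APPLICABLE"
    # Only an explicit boolean true passes; a missing field, false, or a
    # stringified "true" from a hand-edited export is reported as a finding.
    if instance.get("DeletionProtection") is True:
        return "COMPLIANT"
    return "NON_COMPLIANT"

def evaluate_response(response):
    """Map each DBInstanceIdentifier to its RDS.8 verdict."""
    return {
        inst["DBInstanceIdentifier"]: evaluate_instance(inst)
        for inst in response.get("DBInstances", [])
    }

def non_compliant(response):
    """Sorted identifiers of instances that need remediation."""
    verdicts = evaluate_response(response)
    return sorted(name for name, v in verdicts.items() if v == "NON_COMPLIANT")

# Constructed sample data (not from a real account).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres", "DeletionProtection": true},
  {"DBInstanceIdentifier": "reports-dev", "Engine": "mysql", "DeletionProtection": false},
  {"DBInstanceIdentifier": "legacy-sql", "Engine": "sqlserver-se"},
  {"DBInstanceIdentifier": "cluster-node", "Engine": "aurora-mysql", "DeletionProtection": false}
]}
""")

if __name__ == "__main__":
    for name, verdict in evaluate_response(SAMPLE).items():
        print(f"{name}: {verdict}")
```

To run it against a real account, replace SAMPLE with the saved JSON from `aws rds describe-db-instances`.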
Details
Property | Value |
---|---|
Category | Protect > Data protection > Data deletion protection |
Compliance Control ID | RDS.8 |
FortifyFox ID | FF100036 |
Link | RDS.8 Compliance |
Resource Type(s) | AWS::RDS::DBInstance |
Severity | Low |
Remediation
Use the following CloudFormation templates to deploy an RDS DB instance that is compliant with RDS.8.
YAML Template
Resources:
  rdsDB:
    Type: "AWS::RDS::DBInstance"
    Properties:
      DeletionProtection: true
JSON Template
{
  "Resources": {
    "rdsDB": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "DeletionProtection": true
      }
    }
  }
}