
Rule: RDS DB Instances Deletion Protection Enabled

This rule requires RDS DB instances to have deletion protection enabled to ensure critical data is not accidentally deleted.

Rule: RDS DB instances should have deletion protection enabled
Framework: NIST 800-53 Revision 5
Severity: Critical

Rule Description:

RDS (Relational Database Service) is a managed database service provided by Amazon Web Services (AWS). The rule states that all RDS DB instances should have deletion protection enabled, in line with the NIST 800-53 Revision 5 security standard. When deletion protection is enabled, the DeleteDBInstance operation is refused from the console, the CLI and the API until the flag is explicitly cleared. That prevents accidental deletion outright and raises the bar for a malicious one, because an attacker must first succeed in a ModifyDBInstance call. For Amazon Aurora the flag lives on the DB cluster, not on the individual instances, so Aurora members are evaluated at the cluster level.

Remediation:

To enable deletion protection for an RDS DB instance, follow the step-by-step guide below:

  1. Log in to the AWS Management Console.
  2. Go to the Amazon RDS service.
  3. Select the region in which the RDS DB instance is deployed.
  4. Click on the target RDS DB instance from the list.
  5. In the "Actions" drop-down menu, select "Modify."
  6. Scroll down to the "Deletion Protection" section.
  7. Check the box next to "Enable deletion protection."
  8. Click on the "Continue" button.
  9. Review the summary of modifications and ensure that deletion protection shows as enabled.
  10. Click on the "Modify DB Instance" button to apply the changes.

Troubleshooting:

In case you encounter any issues while enabling deletion protection for an RDS DB instance, follow the troubleshooting steps below:

  1. Ensure that you have the necessary permissions to modify the RDS DB instance. The IAM (Identity and Access Management) user or role you are using needs the rds:ModifyDBInstance action on the instance (rds:ModifyDBCluster for an Aurora cluster); check for an explicit Deny in an attached policy, permissions boundary or SCP.
  2. Make sure the RDS DB instance is in the "available" state. If it is in another state, such as "modifying" or "backing-up", the modification is rejected until the instance settles.
  3. Verify that there are no pending changes for the RDS DB instance. If there are any pending changes, wait for them to be applied before attempting to enable deletion protection.
  4. If the instance is a member of an Aurora cluster, the instance-level setting is not the one that matters: enable deletion protection on the DB cluster instead (Modify on the cluster in the console, or modify-db-cluster in the CLI).
  5. Check if the AWS CLI (Command Line Interface) is installed and configured correctly. If you prefer using the CLI, ensure that you have a current version and that your credentials and default region are properly set up.
  6. If the deletion protection modification still fails, contact AWS Support for further assistance.

CLI Commands:

If you prefer using the AWS CLI to enable deletion protection for an RDS DB instance, execute the following command:

aws rds modify-db-instance --db-instance-identifier <DB_INSTANCE_IDENTIFIER> --deletion-protection

Replace <DB_INSTANCE_IDENTIFIER> with the actual identifier of the RDS DB instance.

The AWS CLI exposes this setting as a boolean flag: --deletion-protection enables it and --no-deletion-protection disables it; the flag does not take a "true" or "false" value. For an Aurora DB cluster, run the equivalent modify-db-cluster command with --db-cluster-identifier instead. After the call returns, confirm the change with describe-db-instances (the DeletionProtection field should read true) rather than trusting the modify call alone.

Please note that you need to have the AWS CLI installed and properly configured for this command to work.
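The check behind this rule, and the remediation and troubleshooting steps above, can be scripted. The following is an added example written for this page; it is not Cloud Defense's scanner or AWS-supplied code. It evaluates dicts shaped like the describe-db-instances and describe-db-clusters responses, reports every instance or Aurora cluster whose DeletionProtection is not true, records whether the resource is in the "available" state the modify call needs, and emits the matching CLI remediation. The two sample responses are constructed; the resource names in them are made up. Only main() talks to AWS, through boto3, which is assumed to be installed and configured with credentials.

```python
"""Audit RDS deletion protection the way the rule above checks it.

Added example, not Cloud Defense's scanner or AWS code. The pure functions
work on dicts shaped like the describe-db-instances / describe-db-clusters
responses; the constructed samples below stand in for a real account, and
only main() talks to AWS (via boto3, an assumed dependency).
"""
from __future__ import annotations

import sys

# Constructed sample responses (not real resources), trimmed to the fields
# the check uses.
SAMPLE_INSTANCES = {
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
         "DBInstanceStatus": "available", "DeletionProtection": False},
        {"DBInstanceIdentifier": "orders-prod-replica", "Engine": "postgres",
         "DBInstanceStatus": "available", "DeletionProtection": True},
        # Aurora member: the flag lives on the cluster, not the instance.
        {"DBInstanceIdentifier": "billing-aurora-0", "Engine": "aurora-postgresql",
         "DBInstanceStatus": "available", "DeletionProtection": False,
         "DBClusterIdentifier": "billing-aurora"},
        # Mid-modification: a modify call is rejected until it settles.
        {"DBInstanceIdentifier": "staging-db", "Engine": "mysql",
         "DBInstanceStatus": "modifying", "DeletionProtection": False},
    ]
}
SAMPLE_CLUSTERS = {
    "DBClusters": [
        {"DBClusterIdentifier": "billing-aurora", "Engine": "aurora-postgresql",
         "Status": "available", "DeletionProtection": False},
    ]
}


def find_noncompliant(instances: dict, clusters: dict) -> list[dict]:
    """Return one finding per resource whose DeletionProtection is not True.

    Instances that belong to a cluster are skipped: for them the
    instance-level flag is not what protects the data, so the cluster is
    evaluated instead. "ready" records whether the resource is in the
    "available" state the remediation requires.
    """
    findings = []
    for inst in instances["DBInstances"]:
        if inst.get("DBClusterIdentifier"):
            continue
        if not inst.get("DeletionProtection", False):
            findings.append({
                "type": "instance",
                "id": inst["DBInstanceIdentifier"],
                "ready": inst.get("DBInstanceStatus") == "available",
            })
    for cluster in clusters["DBClusters"]:
        if not cluster.get("DeletionProtection", False):
            findings.append({
                "type": "cluster",
                "id": cluster["DBClusterIdentifier"],
                "ready": cluster.get("Status") == "available",
            })
    return findings


def remediation_command(finding: dict) -> str:
    """AWS CLI command that turns the flag on for one finding.

    Mirrors the Remediation section; Aurora clusters need the cluster-level
    subcommand. The flag is a CLI boolean, so it takes no "true" argument
    (--no-deletion-protection is the inverse).
    """
    if finding["type"] == "cluster":
        return (f"aws rds modify-db-cluster --db-cluster-identifier "
                f"{finding['id']} --deletion-protection")
    return (f"aws rds modify-db-instance --db-instance-identifier "
            f"{finding['id']} --deletion-protection")


def main(region: str | None = None) -> list[dict]:
    """Run the check against a real account; needs boto3 and credentials."""
    import boto3  # imported here so the pure functions above run without it

    rds = boto3.client("rds", region_name=region)
    instances = {"DBInstances": []}
    for page in rds.get_paginator("describe_db_instances").paginate():
        instances["DBInstances"].extend(page["DBInstances"])
    clusters = {"DBClusters": []}
    for page in rds.get_paginator("describe_db_clusters").paginate():
        clusters["DBClusters"].extend(page["DBClusters"])
    return find_noncompliant(instances, clusters)


if __name__ == "__main__":
    live = "--live" in sys.argv  # default run uses the constructed samples
    findings = main() if live else find_noncompliant(SAMPLE_INSTANCES, SAMPLE_CLUSTERS)
    for f in findings:
        note = "" if f["ready"] else "  (not available yet; retry later)"
        print(f"{f['type']:8} {f['id']:24} {remediation_command(f)}{note}")
```

Run it with no arguments to see the constructed sample evaluated (orders-prod, staging-db and the billing-aurora cluster are reported; the replica and the Aurora member instance are not), or with --live against the account your credentials point at. The script only prints commands rather than executing them, so a reviewer can approve the list before anything is modified; after running a command, confirm the result with aws rds describe-db-instances --db-instance-identifier <id> --query 'DBInstances[0].DeletionProtection'.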

Note:

Enabling deletion protection prevents accidental deletion of RDS DB instances and forces a deliberate two-step (clear the flag, then delete) before a malicious one can succeed. This offers an additional layer of protection to safeguard your critical data and databases, but it is a guardrail rather than a control: any principal allowed to call rds:ModifyDBInstance can clear the flag, so keep that permission tightly scoped, and keep automated backups or snapshots, since deletion protection does nothing for data loss that is not a DeleteDBInstance call. It is recommended to enable deletion protection for all production RDS DB instances (and, for Aurora, on every production DB cluster) to align with the NIST 800-53 Revision 5 security standard.
