Ensure that all your provisioned Amazon Aurora database clusters are protected from accidental deletion by having the Deletion Protection feature enabled at the Aurora cluster level.
This rule can help you with the following compliance standards:
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Deletion Protection prevents any existing or new provisioned Aurora database cluster from being terminated by the root user or an IAM user through the AWS Management Console, AWS CLI, or AWS API, unless the feature is explicitly disabled first. With the Deletion Protection safety feature enabled, your Amazon Aurora database clusters can't be accidentally deleted and your data remains safe.
Audit
To determine if your Aurora database clusters are protected against accidental deletion, perform the following actions:
Remediation / Resolution
To enable the Deletion Protection feature for your existing Amazon Aurora database clusters, perform the following actions:
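One way to script the audit and the remediation with the AWS CLI commands `describe-db-clusters` and `modify-db-cluster`. This is an added example, not Conformity's own procedure. It assumes AWS CLI v2 with credentials already configured; the default region, the function names, and the sample cluster names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find provisioned Aurora clusters without Deletion Protection
# and enable it. REGION default is an assumption; override with AWS_REGION.
REGION="${AWS_REGION:-us-east-1}"

# Emit one tab-separated row per cluster:
# identifier, engine, engine mode, DeletionProtection (True/False in text output).
list_clusters() {
    aws rds describe-db-clusters --region "$REGION" \
        --query 'DBClusters[*].[DBClusterIdentifier,Engine,EngineMode,DeletionProtection]' \
        --output text
}

# Read those rows on stdin and print the identifiers that fail the rule:
# engine is Aurora, mode is provisioned, and the flag is anything but true.
filter_unprotected() {
    awk -F '\t' '$2 ~ /^aurora/ && $3 == "provisioned" && tolower($4) != "true" { print $1 }'
}

# Audit: list the non-compliant cluster identifiers.
audit() { list_clusters | filter_unprotected; }

# Remediation: turn the flag on for every cluster the audit reports.
remediate() {
    audit | while IFS= read -r id; do
        aws rds modify-db-cluster --region "$REGION" \
            --db-cluster-identifier "$id" --deletion-protection >/dev/null &&
            echo "enabled: $id"
    done
}

# Constructed sample rows in the same shape list_clusters produces,
# so the filter can be exercised without an AWS account.
sample_clusters() {
    printf 'prod-orders\taurora-mysql\tprovisioned\tFalse\n'
    printf 'prod-billing\taurora-postgresql\tprovisioned\tTrue\n'
    printf 'dev-sls\taurora-mysql\tserverless\tFalse\n'
    printf 'reports-maz\tmysql\tprovisioned\tFalse\n'
}

# Usage: sh script.sh audit | remediate | sample
case "${1:-}" in
    audit)     audit ;;
    remediate) remediate ;;
    sample)    sample_clusters | filter_unprotected ;;
esac
```

Run `audit` again after `remediate`; an empty result means every provisioned Aurora cluster in the region now has the flag set.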
You are auditing:
Cluster Deletion Protection
Risk Level: Medium