Ensure load balancer has deletion protection enabled

Error: Deletion protection disabled for load balancer

Bridgecrew Policy ID: BC_AWS_GENERAL_61
Checkov Check ID: CKV_AWS_150
Severity: MEDIUM


Description

This policy identifies Elastic Load Balancers v2 (ELBv2) that are configured with the deletion protection feature disabled. Enabling deletion protection on these load balancers prevents irreversible data loss caused by accidental or malicious delete operations.
For more details, see: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#deletion-protection

Fix - Runtime

AWS Console

  1. Log in to the AWS console
  2. From the region drop-down in the top right corner of the console, select the region for which the alert was generated
  3. Go to the EC2 Dashboard, and select 'Load Balancers'
  4. Click on the reported Load Balancer
  5. On the Description tab, choose 'Edit attributes'
  6. On the Edit load balancer attributes page, select 'Enable' for 'Delete Protection'
  7. Click on 'Save' to save your changes

Fix - Buildtime

Terraform

  • Resource: aws_lb
  • Argument: enable_deletion_protection
resource "aws_lb" "test_success" {
  ...
+ enable_deletion_protection = true
}
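The same control can be evaluated programmatically at both points in the lifecycle described above. The following added example (not Checkov, Bridgecrew or AWS code) mirrors the buildtime semantics of CKV_AWS_150 on a parsed aws_lb resource (the argument must be true; when it is absent, Terraform's default of false applies) and evaluates the runtime attribute that the ELBv2 API exposes as deletion_protection.enabled, which is what the console's 'Delete Protection' toggle sets. The sample resources and attribute lists are constructed; the function and variable names are this example's own. The audit_account helper is the only part that talks to AWS and it is never called by the offline checks.

```python
"""Deletion-protection audit for ELBv2 load balancers (added example, not Checkov/Bridgecrew code).

Two views of the same control:
  * buildtime: evaluate a parsed aws_lb resource the way CKV_AWS_150 would
    (enable_deletion_protection must be true; absent means Terraform's default, false).
  * runtime:   evaluate the Attributes list returned by describe_load_balancer_attributes
    and optionally remediate with modify_load_balancer_attributes.
boto3 is imported lazily so the pure evaluation functions run offline.
"""
from __future__ import annotations

from typing import Any

ATTRIBUTE_KEY = "deletion_protection.enabled"   # ELBv2 API attribute name
TF_ARGUMENT = "enable_deletion_protection"       # aws_lb argument name


def _truthy(value: Any) -> bool:
    """Accept both HCL booleans and the string values the ELBv2 API returns."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


# ---- buildtime: mirrors the semantics of CKV_AWS_150 on a parsed resource ----
def check_tf_resource(resource_type: str, config: dict[str, Any]) -> str:
    """Return "PASSED", "FAILED" or "SKIPPED" for one parsed Terraform resource."""
    if resource_type not in ("aws_lb", "aws_alb"):
        return "SKIPPED"
    # Terraform defaults enable_deletion_protection to false, so an
    # omitted argument is a finding, not an unknown.
    return "PASSED" if _truthy(config.get(TF_ARGUMENT, False)) else "FAILED"


# ---- runtime: evaluates DescribeLoadBalancerAttributes output ----
def deletion_protection_enabled(attributes: list[dict[str, str]]) -> bool:
    """attributes is the Attributes list from describe_load_balancer_attributes."""
    for attr in attributes:
        if attr.get("Key") == ATTRIBUTE_KEY:
            return _truthy(attr.get("Value"))
    return False  # attribute missing: treat as unprotected


def audit_account(region: str, remediate: bool = False) -> list[str]:
    """Live check (needs AWS credentials): return ARNs of ELBv2 LBs without protection."""
    import boto3  # imported here so the pure functions above work offline

    elbv2 = boto3.client("elbv2", region_name=region)
    unprotected: list[str] = []
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            arn = lb["LoadBalancerArn"]
            attrs = elbv2.describe_load_balancer_attributes(LoadBalancerArn=arn)["Attributes"]
            if not deletion_protection_enabled(attrs):
                unprotected.append(arn)
                if remediate:
                    # Equivalent of the console's 'Edit attributes' -> 'Delete Protection: Enable'
                    elbv2.modify_load_balancer_attributes(
                        LoadBalancerArn=arn,
                        Attributes=[{"Key": ATTRIBUTE_KEY, "Value": "true"}],
                    )
    return unprotected


# Constructed sample inputs (hypothetical resources and API responses, not real ones)
SAMPLE_TF = {
    "aws_lb.test_success": {"load_balancer_type": "application", TF_ARGUMENT: True},
    "aws_lb.test_failure": {"load_balancer_type": "network"},  # argument omitted -> default false
}
SAMPLE_ATTRS_OK = [{"Key": "deletion_protection.enabled", "Value": "true"},
                   {"Key": "idle_timeout.timeout_seconds", "Value": "60"}]
SAMPLE_ATTRS_BAD = [{"Key": "deletion_protection.enabled", "Value": "false"}]

if __name__ == "__main__":
    for address, cfg in SAMPLE_TF.items():
        print(f"{address}: {check_tf_resource(address.split('.')[0], cfg)}")
    print("runtime ok :", deletion_protection_enabled(SAMPLE_ATTRS_OK))
    print("runtime bad:", deletion_protection_enabled(SAMPLE_ATTRS_BAD))
```

Running the file offline prints PASSED for test_success and FAILED for test_failure, then True and False for the two attribute lists. Calling audit_account("us-east-1") against a real account lists unprotected load balancer ARNs; passing remediate=True applies the same attribute change the console steps perform.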