Ensure RDS clusters and instances have deletion protection enabled

Error: RDS clusters and instances have deletion protection disabled

Bridgecrew Policy ID: BC_AWS_GENERAL_69
Checkov Check ID: CKV_AWS_139
Severity: LOW

Description

Enabling deletion protection on Amazon Relational Database Service (RDS) clusters and instances helps prevent accidental deletion. While deletion protection is enabled, the cluster or instance cannot be deleted through the AWS Management Console, the AWS CLI, or the RDS API; the setting has to be turned off first. This guards against RDS resources being deleted by mistake, whether by you or by anyone else with access to your AWS account.

Fix - Buildtime

Terraform

  • Resource: aws_rds_cluster
  • Argument: deletion_protection
resource "aws_rds_cluster" "default" {
  ...
+ deletion_protection = true
}
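
The same condition can be checked against a rendered plan, as an added example that is not Checkov's or Bridgecrew's own code. It assumes the plan was exported with `terraform show -json`, generalizes the fix above to `aws_db_instance` as well as `aws_rds_cluster`, and uses hypothetical function names and a constructed sample plan.

```python
import json

# Terraform resource types covered; both accept a boolean deletion_protection argument.
RDS_TYPES = {"aws_rds_cluster", "aws_db_instance"}

def walk_modules(module):
    """Yield every resource in a planned_values module, including child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_modules(child)

def unprotected_rds(plan):
    """Return sorted addresses of RDS resources whose deletion_protection is not true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in walk_modules(root):
        if res.get("type") not in RDS_TYPES:
            continue
        # An omitted argument shows up as null (None); only a literal true passes.
        if res.get("values", {}).get("deletion_protection") is not True:
            findings.append(res["address"])
    return sorted(findings)

# Constructed sample plan, trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "aws_rds_cluster.default", "type": "aws_rds_cluster",
       "values": {"deletion_protection": true}},
      {"address": "aws_rds_cluster.reporting", "type": "aws_rds_cluster",
       "values": {"deletion_protection": null}},
      {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {}}
    ],
    "child_modules": [
      {"address": "module.db", "resources": [
        {"address": "module.db.aws_db_instance.replica", "type": "aws_db_instance",
         "values": {"deletion_protection": false}}
      ]}
    ]
  }}
}
""")

if __name__ == "__main__":
    for address in unprotected_rds(SAMPLE_PLAN):
        print(f"FAIL deletion_protection not enabled: {address}")
```

Because it reads planned values rather than source files, this check also catches a `deletion_protection` that is set through a variable or module input that resolves to false.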