Ensure that all your Amazon Aurora databases are protected from accidental deletion by enabling the Deletion Protection feature at the Aurora database cluster level.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Deletion Protection prevents any existing or new Aurora database cluster, whether provisioned or serverless, from being deleted by a root or IAM user through the AWS Management Console, AWS CLI or AWS API calls, unless the feature is explicitly disabled first. With the Deletion Protection safety feature enabled, your Amazon Aurora cluster cannot be deleted by accident, which helps keep your data safe.
Audit
To determine if your Aurora database clusters are protected against accidental deletion, perform the following actions:
Remediation / Resolution
To enable Deletion Protection feature for your existing Amazon Aurora database clusters (provisioned and serverless), perform the following actions:
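One way to script both the audit and the remediation, as an added example that is not part of the original page or the Cloud Conformity tool: it reads the JSON returned by `aws rds describe-db-clusters`, lists the Aurora clusters without Deletion Protection, and builds the matching `aws rds modify-db-cluster` commands. The function names, the sample data and the region `us-east-1` are assumptions made for illustration.

```python
import json
import shlex
import sys


def unprotected_aurora_clusters(response):
    """Return Aurora clusters whose DeletionProtection flag is not true."""
    findings = []
    for cluster in response.get("DBClusters", []):
        # describe-db-clusters also returns non-Aurora clusters; skip them.
        if not cluster.get("Engine", "").startswith("aurora"):
            continue
        # A missing flag is reported as unprotected rather than assumed safe.
        if cluster.get("DeletionProtection") is not True:
            findings.append({"id": cluster["DBClusterIdentifier"],
                             "mode": cluster.get("EngineMode", "unknown")})
    return findings


def remediation_commands(findings, region):
    """Build one modify-db-cluster command per finding (printed, not executed)."""
    return ["aws rds modify-db-cluster --region {} --db-cluster-identifier {} "
            "--deletion-protection".format(shlex.quote(region), shlex.quote(f["id"]))
            for f in findings]


# Constructed sample in the shape of `aws rds describe-db-clusters --output json`.
SAMPLE = {"DBClusters": [
    {"DBClusterIdentifier": "orders-prod", "Engine": "aurora-mysql",
     "EngineMode": "provisioned", "DeletionProtection": False},
    {"DBClusterIdentifier": "billing-prod", "Engine": "aurora-postgresql",
     "EngineMode": "provisioned", "DeletionProtection": True},
    {"DBClusterIdentifier": "reports-sls", "Engine": "aurora-mysql",
     "EngineMode": "serverless", "DeletionProtection": False},
    {"DBClusterIdentifier": "docs-cluster", "Engine": "docdb",
     "DeletionProtection": False},
]}

if __name__ == "__main__":
    # Pass a saved describe-db-clusters JSON file as argv[1]; otherwise use SAMPLE.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    found = unprotected_aurora_clusters(data)
    for f in found:
        print("UNPROTECTED {id} ({mode})".format(**f))
    for cmd in remediation_commands(found, "us-east-1"):
        print(cmd)
```

Run it once per region, since `describe-db-clusters` only returns the clusters of the region it is called in.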
You are auditing:
Cluster Deletion Protection
Risk level: Medium