Description:
Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.
Rationale:
With the Deletion Protection feature enabled, you can rest assured that your Amazon RDS database instances will not be deleted by accident and that your data will be protected.
Impact:
Deletion protection prevents users from deleting any existing or new RDS database instances via the AWS Management Console, the CLI, or API requests unless the functionality is explicitly disabled.
Default value:
By default, deletion protection is enabled when creating the database.
Pre-requisites:
You need to sign in as an admin or as an IAM user with the required permissions.
Remediation:
Test Plan:
1. Sign in to the AWS Management Console.
2. Navigate to the RDS service at https://console.aws.amazon.com/rds
3. Click on Databases in the left navigation pane.
4. Click on the database that you want to examine and select the Configurations tab.
5. Under the Configurations tab, check whether the Deletion protection column shows Enabled or Disabled.
6. If Deletion protection is Disabled, follow the implementation steps to enable it.
Using AWS CLI:
To describe the deletion protection setting of an instance:
aws rds describe-db-instances --region us-east-1 --db-instance-identifier cc-project5-db-instance --query 'DBInstances[*].DeletionProtection'
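The command above inspects a single instance. As an added example (not part of the original procedure), the bash functions below run the same describe-db-instances query over every instance in a region and return non-zero when any instance has deletion protection disabled. The function names and the sample instance names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit every RDS instance in a region for deletion protection.

# Print "identifier<TAB>True|False" for each DB instance in region $1.
list_instances() {
    aws rds describe-db-instances --region "$1" \
        --query 'DBInstances[*].[DBInstanceIdentifier,DeletionProtection]' \
        --output text
}

# Read list_instances output on stdin and print the identifiers whose flag is
# not "True". Any other value (False, None, empty) is reported, so the check
# fails closed.
unprotected() {
    awk -F'\t' 'NF && tolower($2) != "true" { print $1 }'
}

# Audit region $1 (default us-east-1). Returns 0 when every instance is
# protected, 1 when at least one is not, 2 when the listing itself failed.
audit_region() {
    local region listing findings
    region="${1:-us-east-1}"
    listing="$(list_instances "$region")" || return 2
    findings="$(printf '%s\n' "$listing" | unprotected)"
    [ -z "$findings" ] && return 0
    printf 'Deletion protection disabled in %s:\n%s\n' "$region" "$findings" >&2
    return 1
}

# Constructed sample of list_instances output (hypothetical instance names).
SAMPLE_LISTING="$(printf 'orders-db\tTrue\nreports-db\tFalse\nscratch-db\tNone\n')"
```

Calling `audit_region us-east-1` from a scheduled job or pipeline step makes the exit status usable as a gate; identifiers it reports can then be fixed with the modify-db-instance command in the implementation steps.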
Implementation Steps:
1. Sign in to the AWS Management Console.
2. Navigate to the RDS service at https://console.aws.amazon.com/rds
3. Click on Databases in the left navigation pane.
4. Select the database that you want to edit and click on Modify.
5. On the Modify DB Instance page, make sure the Enable Deletion Protection checkbox is checked and click on Continue.
6. In the Scheduling of modifications section, perform one of the following actions based on your requirements:
   - Select Apply during the next scheduled maintenance window to apply the changes automatically during the next scheduled maintenance window.
   - Select Apply immediately to apply the changes right away.
7. Click on Modify DB Instance.
Using AWS CLI:
aws rds modify-db-instance \
    --region us-east-1 \
    --db-instance-identifier cc-project5-db-instance \
    --deletion-protection \
    --apply-immediately
Backout plan:
To revoke the changes, follow the same steps as in the implementation section, but in step 5 uncheck the Enable Deletion Protection checkbox.
Using AWS CLI:
To disable the deletion protection:
aws rds modify-db-instance --db-instance-identifier <value> --no-deletion-protection --apply-immediately