AWS Config Rule: DynamoDB Table Deletion Protection
DYNAMODB_TABLE_DELETION_PROTECTION
Eduardo Van Cauteren
Last Update 3 months ago
Description: Checks whether Amazon DynamoDB tables have Deletion protection ACTIVE. The rule is NON_COMPLIANT if the resource has Deletion protection INACTIVE.
Trigger type: Periodic
AWS Region: All supported AWS regions
How to Resolve Manually
This Config rule checks whether Deletion protection is enabled for each DynamoDB table. The rule is marked as non-compliant if a table is found with the Deletion protection option disabled.
Since this rule is triggered periodically, you can adjust how often the rule evaluation occurs, and you can also specify tables you want to exempt from the check. The following image illustrates both settings:
To resolve this manually, first check the current deletion protection status of the table. In the AWS Console, open the DynamoDB service and click Tables. Click the name of the desired table, then open the table's Additional settings tab.
Scroll down until you find the Deletion protection card and click the Turn on button to enable the protection. Use the following screenshot as a reference:
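As an added example (not StackZone's remediation script or AWS's own code), the check-then-enable flow above in Python, using the same call shapes as boto3's DynamoDB client: `describe_table` reporting `DeletionProtectionEnabled`, paginated `list_tables`, and `update_table` with `DeletionProtectionEnabled=True`. The `FakeDynamoDB` client and its table names are constructed stand-ins so the code runs offline; a real `boto3.client("dynamodb")` can be passed in its place.

```python
"""Evaluate and remediate DynamoDB deletion protection as the rule and manual fix do."""

def evaluate_table(description):
    """Compliance value for one DescribeTable response. A missing key means
    the protection is inactive, so it is NON_COMPLIANT as well."""
    enabled = description.get("Table", {}).get("DeletionProtectionEnabled", False)
    return "COMPLIANT" if enabled else "NON_COMPLIANT"

def evaluate_account(client, exempt=()):
    """Evaluate every table visible to the client, skipping exempted names
    (the rule's table exemption). Follows ListTables pagination."""
    results, kwargs = {}, {}
    while True:
        page = client.list_tables(**kwargs)
        for name in page.get("TableNames", []):
            if name not in exempt:
                results[name] = evaluate_table(client.describe_table(TableName=name))
        if "LastEvaluatedTableName" not in page:
            return results
        kwargs = {"ExclusiveStartTableName": page["LastEvaluatedTableName"]}

def remediate(client, results):
    """Turn protection on for each NON_COMPLIANT table (the console's
    'Turn on' button); returns the names that were changed."""
    fixed = [n for n, s in results.items() if s == "NON_COMPLIANT"]
    for name in fixed:
        client.update_table(TableName=name, DeletionProtectionEnabled=True)
    return fixed

class FakeDynamoDB:
    """Constructed in-memory stand-in for boto3's client; pages two names at a time."""
    def __init__(self, tables):
        self.tables = dict(tables)  # table name -> deletion protection enabled?

    def list_tables(self, ExclusiveStartTableName=None):
        names = sorted(n for n in self.tables if n > (ExclusiveStartTableName or ""))
        out = {"TableNames": names[:2]}
        if names[2:]:
            out["LastEvaluatedTableName"] = names[1]
        return out

    def describe_table(self, TableName):
        return {"Table": {"TableName": TableName,
                          "DeletionProtectionEnabled": self.tables[TableName]}}

    def update_table(self, TableName, DeletionProtectionEnabled):
        self.tables[TableName] = DeletionProtectionEnabled
```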
How to Resolve with StackZone
StackZone can automatically resolve your non-compliant DynamoDB Tables by running an automation script to enable deletion protection for you.
To enable this remediation, within the StackZone console head over to Baseline Services > AWS Config Rules Regional > DynamoDB and enable DynamoDB Table Deletion Protection Remediation.
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our how it works section with easy to follow videos or just create your own StackZone Account here