AWS Config Rule: EC2 Instance Termination Protection


Ryan Ware

Last Update 8 months ago

Description: Checks if an Amazon Elastic Compute Cloud (Amazon EC2) instance has termination protection enabled.

Trigger type: Configuration changes

AWS Region: All supported AWS regions

How to Resolve Manually

When Termination Protection is enabled on an EC2 Instance, the Instance cannot be terminated as easily from the CLI or AWS Console. The protection must first be removed before AWS allows you to successfully terminate the EC2 Instance.

To resolve this manually, you will need to first head on over to your Amazon EC2 Dashboard within the AWS Console.

Select your EC2 Instance that you wish to enable Termination Protection on, and from the Actions Menu, select Instance Settings followed by Change Termination Protection.

Once you have clicked this, you will be met with this options menu. We want to enable Termination Protection on this EC2 Instance so we can be compliant with the AWS Config Rule.
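
The same check and change can be scripted through the EC2 API rather than the Console. The script below is an added example, not code from StackZone or AWS: it reads the disableApiTermination attribute of each instance and, when asked, enables it. The function name, the status strings other than NON_COMPLIANT, and the StubEC2 class with its instance IDs are assumptions constructed for the example; with real credentials you would pass boto3.client("ec2") instead of the stub.

```python
# Audit (and optionally enable) EC2 termination protection via the EC2 API.
# `ec2` is a boto3 EC2 client; StubEC2 below is constructed sample data so
# the logic runs offline. Status strings are labels chosen for this example.

def audit_termination_protection(ec2, remediate=False):
    """Return {instance_id: status} for every non-terminated instance."""
    results = {}
    pages = ec2.get_paginator("describe_instances").paginate(Filters=[{
        "Name": "instance-state-name",
        "Values": ["pending", "running", "stopping", "stopped"]}])
    for page in pages:
        for reservation in page["Reservations"]:
            for inst in reservation["Instances"]:
                iid = inst["InstanceId"]
                # Spot Instances cannot have termination protection enabled.
                if inst.get("InstanceLifecycle") == "spot":
                    results[iid] = "NOT_APPLICABLE"
                    continue
                attr = ec2.describe_instance_attribute(
                    InstanceId=iid, Attribute="disableApiTermination")
                if attr["DisableApiTermination"]["Value"]:
                    results[iid] = "COMPLIANT"
                elif remediate:
                    ec2.modify_instance_attribute(
                        InstanceId=iid, DisableApiTermination={"Value": True})
                    results[iid] = "REMEDIATED"
                else:
                    results[iid] = "NON_COMPLIANT"
    return results

class StubEC2:
    """Constructed stand-in for a boto3 EC2 client (sample IDs, not real)."""
    def __init__(self):
        self.protected = {"i-aaa": True, "i-bbb": False, "i-ccc": False}
        self.spot = {"i-ccc"}
    def get_paginator(self, name):
        return self
    def paginate(self, **kwargs):
        insts = [dict(InstanceId=i, InstanceLifecycle="spot") if i in self.spot
                 else dict(InstanceId=i) for i in self.protected]
        return [{"Reservations": [{"Instances": insts}]}]
    def describe_instance_attribute(self, InstanceId, Attribute):
        return {"DisableApiTermination": {"Value": self.protected[InstanceId]}}
    def modify_instance_attribute(self, InstanceId, DisableApiTermination):
        self.protected[InstanceId] = DisableApiTermination["Value"]

if __name__ == "__main__":
    # Real use: audit_termination_protection(boto3.client("ec2"))
    print(audit_termination_protection(StubEC2(), remediate=True))
```

Run it first with remediate=False to review which instances would change; the caller needs permission for ec2:DescribeInstances, ec2:DescribeInstanceAttribute and ec2:ModifyInstanceAttribute.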

How to Resolve with StackZone

The Remediation action for this AWS Config Rule will allow StackZone to automatically update the attributes of all NON_COMPLIANT EC2 Instances in scope, so that they have Termination Protection enabled.

To enable this within your StackZone deployment, simply head on over to Provisioning -> Baseline Services -> AWS Config Rules Regional -> Amazon EC2 and enable Amazon EC2 Instance Termination Protection Remediation.

Now, you will be able to automatically set this setting on any Instances created without this attribute in the future!

Want to know more about StackZone and how to make your cloud management simple and secure?

Check out our How It Works section, with easy-to-follow videos, or just create your own StackZone Account here.
