AWS Config Rule: RDS Cluster Deletion Protection Enabled

Description: Checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled. This rule is NON_COMPLIANT if an RDS cluster does not have deletion protection enabled.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Middle East (Bahrain), China (Beijing), South America (Sao Paulo), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain) Region

Much like the same config rule which checks RDS Instances, this one will check Clusters. One, or both, may be applicable to you.

To resolve this manually, when creating or editing your RDS Cluster, check under the additional configuration section and near the bottom you will see a section which will enable or disable deletion protection.

Now, with the vast majority of deployments, this is enabled by default. But the config rule will still exist to check if any have been disabled and therefore show as NON-COMPLIANT

StackZone can automatically resolve your non-compliant RDS Cluster by running an automation script to enable enhanced monitoring for you.

To enable this remediation, within the StackZone console head on over to Baseline Services -> AWS Config Rules Regional -> Amazon RDS and enable RDS Cluster Deletion Protection Enabled Remediation

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here