AWS Config Rule: RDS Cluster Deletion Protection Enabled

RDS_CLUSTER_DELETION_PROTECTION_ENABLED

Fernando Honig

Last Update il y a 8 mois

Description: Checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled. This rule is NON_COMPLIANT if an RDS cluster does not have deletion protection enabled.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), South America (Sao Paulo), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich) Region


How to Resolve Manually

Much like the same config rule which checks RDS Instances, this one will check Clusters. One, or both, may be applicable to you.


To resolve this manually, when creating or editing your RDS Cluster, check under the additional configuration section and near the bottom you will see a section which will enable or disable deletion protection.


Now, with the vast majority of deployments, this is enabled by default. But the config rule will still exist to check if any have been disabled and therefore show as NON-COMPLIANT


How to Resolve with StackZone

StackZone can automatically resolve your non-compliant RDS Cluster by running an automation script to enable enhanced monitoring for you.


To enable this remediation, within the StackZone console head on over to Baseline Services -> AWS Config Rules Regional -> Amazon RDS and enable RDS Cluster Deletion Protection Enabled Remediation


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us