AWS Elastic Load Balancer v2 with deletion protection feature disabled
Description
This policy checks that Elastic Load Balancers (ALB/NLB, the `aws_lb` resource) in an AWS account have deletion protection enabled. Without it, a load balancer can be removed by an accidental or unintended delete (including a `terraform destroy`), disrupting the services behind it and potentially losing data.
Code Example
```hcl
# Deletion protection is an argument of the ELBv2 resource (aws_lb / aws_alb),
# which is what CKV_AWS_150 evaluates; the classic aws_elb resource does not have it.
resource "aws_lb" "example" {
  name               = "example"
  load_balancer_type = "application"
  # Placeholder subnet IDs; replace with subnets from your VPC
  subnets            = ["subnet-0000000000000000a", "subnet-0000000000000000b"]

  # With this set, the load balancer cannot be deleted (via console, API or
  # Terraform) until the attribute is explicitly turned off again
  enable_deletion_protection = true
}
```
Remediation
Terraform
To fix the issue flagged by this policy, set `enable_deletion_protection = true` on the `aws_lb` resource and apply the change; the attribute defaults to `false` when omitted.
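Because the policy also runs against the TerraformPlan framework, the check can be expressed over the JSON that `terraform show -json` emits. The following is an added example (not Checkov's own implementation) that walks a constructed plan and reports every `aws_lb`/`aws_alb` resource that will exist after apply without deletion protection; note that an omitted attribute is treated as a finding because the provider default is `false`.

```python
import json

# Constructed excerpt of a Terraform plan (`terraform show -json plan.out`),
# trimmed to the fields this check needs.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_lb.web", "type": "aws_lb",
         "change": {"actions": ["create"],
                    "after": {"name": "web", "enable_deletion_protection": False}}},
        {"address": "aws_lb.api", "type": "aws_lb",
         "change": {"actions": ["create"],
                    "after": {"name": "api", "enable_deletion_protection": True}}},
        {"address": "aws_lb.legacy", "type": "aws_lb",
         "change": {"actions": ["create"],
                    "after": {"name": "legacy"}}},  # attribute omitted -> defaults to false
        {"address": "aws_lb.gone", "type": "aws_lb",
         "change": {"actions": ["delete"], "after": None}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {"bucket": "logs"}}},
    ],
})

# Both resource names are the same ELBv2 type in the AWS provider
LB_TYPES = {"aws_lb", "aws_alb"}


def find_unprotected_lbs(plan_json: str) -> list[str]:
    """Return addresses of ELBv2 resources that will exist after apply
    without enable_deletion_protection = true (the CKV_AWS_150 condition)."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in LB_TYPES:
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed; nothing left to protect
            continue
        # A missing key means the provider default (false) applies, so flag it too
        if after.get("enable_deletion_protection") is not True:
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for addr in find_unprotected_lbs(SAMPLE_PLAN):
        print(f"FAILED CKV_AWS_150: {addr} has deletion protection disabled")
```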
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0200 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_150 |