
AWS database instances do not have deletion protection enabled

Description

This policy checks whether AWS database instances have deletion protection enabled. If deletion protection is disabled, valuable or critical data can be lost accidentally, for example through an inadvertent user action. AWS database instances should therefore have deletion protection enabled to prevent the unexpected removal of a database, which could cause data loss or downtime.

Code Example

```hcl
resource "aws_db_instance" "default" {
  # ... other arguments of the instance (engine, instance_class, etc.)
  deletion_protection = true
}
```

Remediation

Terraform

  • Resource: aws_db_instance
  • Arguments: deletion_protection

To fix the issue:

Set the `deletion_protection` argument to `true` in the `aws_db_instance` resource block. With this argument set to `true`, termination of the DB instance is prevented.
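The same check can be applied to a Terraform plan before it is applied, which is how the TerraformPlan framework listed below evaluates this policy. The script that follows is an added example, not Checkov's or Prisma Cloud's own code: it walks the `planned_values` tree of a `terraform show -json` plan (including child modules) and reports every `aws_db_instance` whose `deletion_protection` is not `true`. The plan document is constructed for illustration; a missing attribute is treated as a finding because the AWS provider defaults `deletion_protection` to `false`.

```python
"""
Flag aws_db_instance resources in a Terraform plan (JSON from
`terraform show -json tfplan`) that lack deletion_protection = true.
Added example; the plan below is constructed, not real output.
"""
import json

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "aws_db_instance.default",
                    "type": "aws_db_instance",
                    "name": "default",
                    "values": {"engine": "postgres", "deletion_protection": False},
                },
                {
                    "address": "aws_db_instance.protected",
                    "type": "aws_db_instance",
                    "name": "protected",
                    "values": {"engine": "mysql", "deletion_protection": True},
                },
                {
                    "address": "aws_s3_bucket.logs",
                    "type": "aws_s3_bucket",
                    "name": "logs",
                    "values": {"bucket": "example-logs"},
                },
            ],
            "child_modules": [
                {
                    "address": "module.db",
                    "resources": [
                        {
                            "address": "module.db.aws_db_instance.this",
                            "type": "aws_db_instance",
                            "name": "this",
                            # deletion_protection omitted: provider default is false
                            "values": {"engine": "postgres"},
                        }
                    ],
                }
            ],
        }
    },
})


def iter_resources(module):
    """Yield every resource in a plan module and, recursively, its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_unprotected_db_instances(plan_json):
    """Return the addresses of aws_db_instance resources whose
    deletion_protection is not true. A missing attribute counts as a
    finding, since the AWS provider defaults it to false."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "aws_db_instance":
            continue
        if res.get("values", {}).get("deletion_protection") is not True:
            findings.append(res["address"])
    return findings


if __name__ == "__main__":
    for address in find_unprotected_db_instances(SAMPLE_PLAN_JSON):
        print(f"CKV_AWS_293 FAILED: {address} does not set deletion_protection = true")
```

Run against a real plan with `terraform plan -out tfplan && terraform show -json tfplan > plan.json` and pass the file contents to `find_unprotected_db_instances`; a non-empty result is the condition under which this policy fails.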

Rule Details

Field       Value
ID          IAC-0341
Severity    MEDIUM
IaC Type    Terraform
Frameworks  Terraform, TerraformPlan
Checkov ID  CKV_AWS_293
