Deletion protection for Spanner Database is disabled
Description
This policy checks Google Cloud Platform Spanner databases to ensure that deletion protection is enabled. Deletion protection is a safeguard that prevents accidental deletion of the database, which could lead to data loss or disruption of services. Without it, valuable or sensitive information could be accidentally destroyed, significantly impacting a business or operation. Enabling deletion protection is therefore considered a best practice for security and data management.
Code Example
```hcl
resource "google_spanner_database" "database" {
  instance = "your-spanner-instance"
  name     = "your-database-name"
  ddl = [
    "CREATE TABLE t1 (t1 INT64 NOT NULL,) PRIMARY KEY(t1)",
  ]
  deletion_protection = true
}
```
Remediation
Terraform
- Resource: google_spanner_database
- Arguments: deletion_protection
To fix this issue, enable deletion protection in your Spanner database configuration by setting deletion_protection to true.
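The same check can be applied to plan output, which is what the TerraformPlan framework covers. The script below is an added example, not Checkov's own implementation or code from this page: it scans the JSON produced by `terraform show -json` for `google_spanner_database` resources whose planned `deletion_protection` is not `true`. The function name, the sample plan and the choice to treat a missing attribute as a failure are assumptions of this example.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan (not taken from the page).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "google_spanner_database.protected",
         "type": "google_spanner_database",
         "change": {"actions": ["create"],
                    "after": {"name": "orders", "deletion_protection": True}}},
        {"address": "google_spanner_database.unprotected",
         "type": "google_spanner_database",
         "change": {"actions": ["update"],
                    "after": {"name": "audit", "deletion_protection": False}}},
        {"address": "google_spanner_database.being_destroyed",
         "type": "google_spanner_database",
         "change": {"actions": ["delete"], "after": None}},
        {"address": "google_spanner_instance.main",
         "type": "google_spanner_instance",
         "change": {"actions": ["no-op"], "after": {"name": "main"}}},
    ]
})


def find_unprotected_spanner_databases(plan_json: str) -> list[str]:
    """Return addresses of planned Spanner databases without deletion protection."""
    plan = json.loads(plan_json)
    failures = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_spanner_database":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:
            # The resource is being destroyed, so there is no resulting config to check.
            continue
        # Assumption of this example: only an explicit boolean true passes;
        # false, null or a missing attribute is reported.
        if after.get("deletion_protection") is not True:
            failures.append(rc["address"])
    return failures


if __name__ == "__main__":
    for address in find_unprotected_spanner_databases(SAMPLE_PLAN):
        print(f"FAIL {address}: deletion_protection is not true")
```
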
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0977 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_GCP_119 |