BigQuery tables do not have deletion protection enabled
Description
This policy (CKV_GCP_121) checks that deletion protection is enabled for all BigQuery tables in a Google Cloud Platform (GCP) environment. Tables without deletion protection can be deleted either accidentally or maliciously, and in both cases valuable data could be permanently lost. Enabling deletion protection safeguards the data in those tables against such deletions, maintaining its integrity and availability.
Code Example
```hcl
resource "google_bigquery_table" "example" {
  dataset_id          = google_bigquery_dataset.example.dataset_id
  table_id            = "example_table"
  deletion_protection = true
}
```
Remediation
Terraform
- Resource: google_bigquery_table
- Arguments: deletion_protection
To fix this issue, you need to enable deletion protection in your BigQuery tables. This can be done by setting the `deletion_protection` argument to `true` in the BigQuery table resource block in your Terraform code.
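The same condition can also be checked against the JSON form of a Terraform plan (`terraform show -json`), which is useful as a pipeline gate. The following is an added example, not Checkov's implementation or code from this page; the sample plan and its resource addresses are constructed, and treating a missing `deletion_protection` value as a failure is an assumption of this example.

```python
import json

RESOURCE_TYPE = "google_bigquery_table"

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "google_bigquery_table.protected", "type": "google_bigquery_table",
     "change": {"actions": ["create"],
                "after": {"table_id": "protected", "deletion_protection": true}}},
    {"address": "google_bigquery_table.scratch", "type": "google_bigquery_table",
     "change": {"actions": ["update"],
                "after": {"table_id": "scratch", "deletion_protection": false}}},
    {"address": "module.etl.google_bigquery_table.legacy", "type": "google_bigquery_table",
     "change": {"actions": ["create"], "after": {"table_id": "legacy"}}},
    {"address": "google_bigquery_table.retired", "type": "google_bigquery_table",
     "change": {"actions": ["delete"], "after": null}},
    {"address": "google_bigquery_dataset.example", "type": "google_bigquery_dataset",
     "change": {"actions": ["create"], "after": {"dataset_id": "example"}}}
  ]
}
""")


def unprotected_tables(plan):
    """Return addresses of BigQuery tables whose planned state lacks deletion protection."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:
            # The table is being destroyed in this plan; there is no planned state to check.
            continue
        # Only a literal true passes; false or a missing key is reported (assumption).
        if after.get("deletion_protection") is not True:
            findings.append(rc["address"])
    return sorted(findings)


if __name__ == "__main__":
    failing = unprotected_tables(SAMPLE_PLAN)
    for address in failing:
        print(f"FAIL {address}: deletion_protection is not true")
    raise SystemExit(1 if failing else 0)
```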
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0979 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_GCP_121 |