Big Table Instances do not have deletion protection enabled
Description
This policy verifies that Bigtable instances running in Google Cloud Platform (GCP) have deletion protection enabled. The check exists to prevent unintended data loss or service disruption caused by the accidental deletion of an important Bigtable instance. Without deletion protection, a single erroneous delete command can permanently destroy the instance and its data, interrupting business operations and possibly breaching compliance obligations.
Remediation
Terraform
- Resource: google_bigtable_instance
- Arguments: deletion_protection
To fix this issue, set `deletion_protection = true` on the `google_bigtable_instance` resource in your Terraform configuration.

```hcl
resource "google_bigtable_instance" "instance" {
  deletion_protection = true
  # ...
}
```
The configuration above is considered secure because `deletion_protection` is set to `true`. While the flag is `true` in Terraform state, the Google provider refuses to destroy the instance, so a `terraform destroy`, or an `apply` whose plan would remove the resource, fails instead of deleting it. Deleting the instance on purpose then requires first changing the argument to `false` and applying that change, which turns deletion into an explicit, reviewable step rather than a side effect of a plan. This adds a layer of protection against data loss.
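To show how a policy engine evaluates this rule against Terraform source, here is an added example of a minimal scanner (written for this page, not Checkov's own implementation, and using a constructed sample configuration): it locates each `google_bigtable_instance` block, ignores nested blocks such as `cluster { ... }`, and reports PASSED only when `deletion_protection = true` is set explicitly.

```python
import re
from typing import Dict

# Block opener (captures the resource name); ARG_RE needs the argument at line start, so commented copies never match.
RESOURCE_RE = re.compile(r'resource\s+"google_bigtable_instance"\s+"([^"]+)"\s*\{')
ARG_RE = re.compile(r'^\s*deletion_protection\s*=\s*(true|false)\b', re.MULTILINE)

def _top_level_body(text: str, open_idx: int) -> str:
    """Return the block's own text (brace depth 1), skipping nested blocks such as
    cluster { ... } so their arguments are never mistaken for the instance's."""
    depth, out = 0, []
    for ch in text[open_idx:]:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return "".join(out)
        elif depth == 1:
            out.append(ch)
    raise ValueError("unbalanced braces in HCL input")

def check_bigtable_deletion_protection(hcl: str) -> Dict[str, str]:
    """PASSED only when deletion_protection = true is explicit; FAILED when false or absent."""
    findings = {}
    for m in RESOURCE_RE.finditer(hcl):
        arg = ARG_RE.search(_top_level_body(hcl, m.end() - 1))
        findings[m.group(1)] = "PASSED" if arg and arg.group(1) == "true" else "FAILED"
    return findings

# Constructed sample configuration (illustrative, not a real deployment).
SAMPLE_TF = '''
resource "google_bigtable_instance" "protected" {
  name                = "prod-instance"
  deletion_protection = true
  cluster { cluster_id = "c1" }
}
resource "google_bigtable_instance" "explicitly_off" {
  name                = "dev-instance"
  deletion_protection = false
}
resource "google_bigtable_instance" "unset" {
  # deletion_protection = true   (commented out, so it does not count)
  name = "test-instance"
}
'''

if __name__ == "__main__":
    for name, status in check_bigtable_deletion_protection(SAMPLE_TF).items():
        print(f"{status}: google_bigtable_instance.{name}")
```

The scanner is line-oriented and does not handle braces inside string literals, which is enough to illustrate the rule but not a replacement for a real HCL parser.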
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0980 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_GCP_122 |