Medium DocumentDB Regional

Amazon DocumentDB clusters should have deletion protection enabled

NIST 800-53

Description

This control checks whether an Amazon DocumentDB cluster has deletion protection enabled. The control fails if the cluster doesn't have deletion protection enabled. Enabling cluster deletion protection offers an additional layer of protection against accidental database deletion or deletion by an unauthorized user. An Amazon DocumentDB cluster can't be deleted while deletion protection is enabled. You must first disable deletion protection before a delete request can succeed. Deletion protection is enabled by default when you create a cluster in the Amazon DocumentDB console.


Remediation

Enable deletion protection for your Amazon DocumentDB cluster to prevent accidental deletion.

Steps

  1. Open the Amazon DocumentDB console.
  2. Choose 'Clusters' from the navigation pane.
  3. Select the cluster you want to modify.
  4. Choose 'Modify'.
  5. In the 'Deletion protection' section, select 'Enable deletion protection'.
  6. Choose 'Continue' and then 'Modify cluster'.
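
The same check and remediation can be scripted. The following is an added example, not AWS code or part of the original control text: it assumes `client` behaves like `boto3.client("docdb")`, and the `FakeDocDB` class and its cluster names are constructed so the logic runs offline.

```python
# Added example, not AWS code. `client` is assumed to behave like boto3.client("docdb").
def clusters_without_deletion_protection(client):
    """Return identifiers of DocumentDB clusters that fail the control."""
    failing = []
    # DocumentDB shares this API with Amazon RDS and Neptune, so filter on engine.
    kwargs = {"Filters": [{"Name": "engine", "Values": ["docdb"]}]}
    while True:
        page = client.describe_db_clusters(**kwargs)
        for cluster in page.get("DBClusters", []):
            # A missing field is treated as a failure (choice made for this example).
            if cluster.get("DeletionProtection") is not True:
                failing.append(cluster["DBClusterIdentifier"])
        if not page.get("Marker"):
            return failing
        kwargs["Marker"] = page["Marker"]

def enable_deletion_protection(client, cluster_ids):
    """Set DeletionProtection=True on each cluster; return the ids changed."""
    for cid in cluster_ids:
        client.modify_db_cluster(DBClusterIdentifier=cid, DeletionProtection=True)
    return list(cluster_ids)

class FakeDocDB:
    """Constructed offline stand-in for the client; cluster names are made up."""
    def __init__(self):
        self.state = {"analytics-dev": False, "legacy": None, "orders-prod": True}

    def describe_db_clusters(self, Filters=None, Marker=None):
        ids = sorted(self.state)
        start = int(Marker or 0)
        out = {"DBClusters": [self._record(i) for i in ids[start:start + 2]]}
        if start + 2 < len(ids):
            out["Marker"] = str(start + 2)  # two per page, to exercise paging
        return out

    def _record(self, cid):
        rec = {"DBClusterIdentifier": cid, "Engine": "docdb"}
        if self.state[cid] is not None:  # None models a response without the field
            rec["DeletionProtection"] = self.state[cid]
        return rec

    def modify_db_cluster(self, DBClusterIdentifier, DeletionProtection):
        self.state[DBClusterIdentifier] = DeletionProtection

if __name__ == "__main__":
    fake = FakeDocDB()
    failing = clusters_without_deletion_protection(fake)
    print("FAILED:", failing)
    enable_deletion_protection(fake, failing)
    print("after remediation:", clusters_without_deletion_protection(fake))
```

Against a real account, pass a boto3 `docdb` client for the target Region in place of `FakeDocDB`; the control is Regional, so repeat per Region.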

Compliance

NIST 800-53