Implementation of safeguards to prevent accidental or unauthorized deletion of databases in Amazon Web Services RDS.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
MyDBInstance:
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: 20
DBInstanceClass: db.t2.micro
Engine: mysql
EngineVersion: 5.7
MasterUsername: foo
MasterUserPassword: foobarbaz
DBName: mydb
StorageType: gp2
DBParameterGroupName: default.mysql5.7
SkipFinalSnapshot: true
This CloudFormation template creates an AWS RDS instance.
However, it lacks safeguards against accidental or unauthorized deletion.
Specifically:
- DeletionProtection is not enabled, which means the database can be
deleted without any restrictions.
- SkipFinalSnapshot is set to
true, which prevents a final snapshot
from being created when the DB instance is deleted. This leads to
permanent loss of data if deleted.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
MyDBInstance:
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: 20
DBInstanceClass: db.t2.micro
Engine: mysql
EngineVersion: 5.7
MasterUsername: foo
MasterUserPassword: foobarbaz
DBName: mydb
StorageType: gp2
DBParameterGroupName: default.mysql5.7
SkipFinalSnapshot: false
DeletionProtection: true
BackupRetentionPeriod: 7
This improved CloudFormation template addresses the risks by:
1. Setting
DeletionProtection to
true, preventing unintended deletion.
2. Setting
SkipFinalSnapshot to
false, ensuring a snapshot is taken
before deletion.
3. Defining
BackupRetentionPeriod to
7 to allow recovery to a point
in time within the last 7 days.
These changes help mitigate accidental or malicious deletion and ensure
data recovery options are in place.