Hey everyone! I'm currently involved in a compliance and infrastructure safeguard project at my company. To make sure we're fully covered, I want to enable deletion protection wherever it's natively supported across all AWS services in our architecture. So far, I've compiled a list of services that offer built-in deletion protection, which includes EC2 Instances, RDS Instances, DynamoDB Tables, Neptune Clusters, DocumentDB Clusters, and Elastic Load Balancers (Classic, ALB, NLB). Before I proceed, I want to confirm—am I missing any other AWS services that have native deletion protection (specifically those with a checkbox option)? I'd love to hear from anyone who's tackled this before or has insights on similar hardening processes in production! Thanks in advance!
2 Answers
You might want to consider CloudFormation stacks since they offer deletion protection as well. It's great that you're making sure everything's secured!
You've got a solid list already! A few more to add are S3 Objects (enabled through Object Lock), AppConfig, Cognito User Pools, and Network Firewall. CloudFormation can also have termination protection set up. It's awesome that you're being proactive about this!
Thanks, that's the kind of response I was hoping for! A blog post on deletion protection would definitely be useful to have more clarity on this.
Thanks for pointing that out! I checked the Terraform documentation, and it looks like there's no deletion protection attribute listed for CloudFormation stacks. Still, I'm glad you mentioned it!