How can I secure my critical EC2 instances from deletion?

Asked By TechieTornado42 On

I'm looking for ways to protect my really important EC2 instances from being terminated, especially against malicious actions rather than just accidents. Is there a way to set it up so that it requires more than one account to be involved in deleting these instances? Are there any mechanisms in AWS for this? Also, how can I ensure that certain EC2 instances have daily automatic backups? Thanks in advance!

5 Answers

Answered By CloudGuardian88 On

For added security, you can leverage Service Control Policies (SCPs) if your accounts are part of an AWS organization. This way, you can deny the ability to terminate those EC2 instances based on specified conditions. It offers another layer of protection alongside instance termination protection.
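
A sketch of the kind of SCP this answer describes, added here as an illustration (it is not part of the original answer and is not an AWS-supplied policy). It denies termination of tagged instances, and also denies the two changes that would let someone get around that: switching off termination protection and removing the tag. Assumptions: critical instances carry the tag `Critical=true`, and `ExamplePipelineRunner` is a hypothetical role name for the one principal allowed through.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyTerminateCriticalInstances",
      "Effect": "Deny",
      "Action": "ec2:TerminateInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": { "aws:ResourceTag/Critical": "true" },
        "ArnNotLike": { "aws:PrincipalArn": "arn:aws:iam::*:role/ExamplePipelineRunner" }
      }
    },
    {
      "Sid": "DenyAttributeChangesOnCriticalInstances",
      "Effect": "Deny",
      "Action": "ec2:ModifyInstanceAttribute",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": { "aws:ResourceTag/Critical": "true" },
        "ArnNotLike": { "aws:PrincipalArn": "arn:aws:iam::*:role/ExamplePipelineRunner" }
      }
    },
    {
      "Sid": "DenyChangingTheCriticalTag",
      "Effect": "Deny",
      "Action": ["ec2:CreateTags", "ec2:DeleteTags"],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": { "aws:TagKeys": "Critical" },
        "ArnNotLike": { "aws:PrincipalArn": "arn:aws:iam::*:role/ExamplePipelineRunner" }
      }
    }
  ]
}
```

The second statement blocks every `ModifyInstanceAttribute` call on tagged instances, not only the termination-protection flag, so routine attribute changes on those instances would also have to go through the exempt role. SCPs do not apply to the organization's management account, so instances running there are not covered by this policy.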

Answered By CloudBackerX On

I don’t think it’s necessary to have multiple accounts involved for termination, but daily backups are crucial. Just ensure you have a solid backup plan in place using AWS Backup to easily restore instances in case of emergencies.

Answered By DevOpsNinja101 On

One effective method is to implement a CI/CD pipeline. Only the pipeline runner can delete instances in production. When someone wants to delete an instance, they’ll need to raise a merge request for approval. This keeps tight control on who can make changes to the instances, and reduces the risk of malicious actions. Also, ensure your IAM roles are set to the least privilege necessary.

Answered By BackupBuddy99 On

You can set AWS termination protection on your critical EC2 instances which will prevent them from being accidentally destroyed. For automated backups, consider using AWS Backup as it can handle daily backups for you. Here’s a link that explains how to disable API termination: [link](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingDisableAPITermination.html).

Answered By SecuritySavant77 On

Definitely enable termination protection on critical instances. Use strict IAM policies to control permissions and consider implementing Multi-Factor Authentication (MFA) for extra security on actions related to backups. You can use the command `aws ec2 modify-instance-attribute --instance-id <instance-id> --disable-api-termination` to set termination protection.
