Hey everyone! I'm working on a compliance and infrastructure safeguard initiative at my company. I'm trying to make sure that deletion protection is enabled for all the AWS services in our infrastructure architecture where it's supported natively. So far, I have the following list of AWS services that offer built-in deletion protection: EC2 Instances, RDS Instances, DynamoDB Tables, Neptune Clusters, DocumentDB Clusters, and Elastic Load Balancers (Classic, ALB, NLB). Before I proceed, I want to double-check if I've overlooked any AWS services that also support native deletion protection (you know, the kind with a specific checkbox). I would really appreciate any insights from those who have tackled similar hardening or have experience with this in production. Thanks a bunch!
2 Answers
Great start on your list! In addition to what you've compiled, you should also check out S3 Objects with Object Lock, AppConfig, Cognito User Pools, and the Network Firewall. It’s worth noting that CloudFormation has termination protection too. The more the better!
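As an added example (not code from this thread), a small Python audit that checks the native protection flag for the services listed above plus CloudFormation termination protection. The functions operate on the boto3 response shapes for each API, and the sample responses below are constructed with made-up ids so the check runs without credentials.

```python
"""Flag resources whose native deletion/termination protection is off.
Each checker takes the dict a boto3 call returns, so it can be unit-tested offline."""
from typing import Dict, List

def unprotected_ec2(attr_responses: Dict[str, Dict]) -> List[str]:
    # instance-id -> ec2.describe_instance_attribute(Attribute="disableApiTermination")
    return sorted(i for i, r in attr_responses.items()
                  if not r.get("DisableApiTermination", {}).get("Value", False))

def unprotected_rds(describe_db_instances: Dict) -> List[str]:
    # rds.describe_db_instances(); DeletionProtection is a bool per instance
    return sorted(d["DBInstanceIdentifier"] for d in describe_db_instances.get("DBInstances", [])
                  if not d.get("DeletionProtection", False))

def unprotected_dynamodb(describe_table_responses: List[Dict]) -> List[str]:
    # one dynamodb.describe_table() response per table; absent key means protection is off
    return sorted(r["Table"]["TableName"] for r in describe_table_responses
                  if not r["Table"].get("DeletionProtectionEnabled", False))

def unprotected_elbv2(attr_responses: Dict[str, Dict]) -> List[str]:
    # lb-arn -> elbv2.describe_load_balancer_attributes(); the value is the string "true"/"false"
    flagged = []
    for arn, resp in attr_responses.items():
        attrs = {a["Key"]: a["Value"] for a in resp.get("Attributes", [])}
        if attrs.get("deletion_protection.enabled", "false").lower() != "true":
            flagged.append(arn)
    return sorted(flagged)

def unprotected_cfn(describe_stacks: Dict) -> List[str]:
    # cloudformation.describe_stacks(); EnableTerminationProtection is a bool per stack
    return sorted(s["StackName"] for s in describe_stacks.get("Stacks", [])
                  if not s.get("EnableTerminationProtection", False))

# Constructed sample responses (ids are made up) so the audit runs without an AWS account.
SAMPLE_EC2 = {"i-0aaa": {"DisableApiTermination": {"Value": True}},
              "i-0bbb": {"DisableApiTermination": {"Value": False}}}
SAMPLE_RDS = {"DBInstances": [{"DBInstanceIdentifier": "prod-db", "DeletionProtection": True},
                              {"DBInstanceIdentifier": "staging-db", "DeletionProtection": False}]}
SAMPLE_DDB = [{"Table": {"TableName": "orders", "DeletionProtectionEnabled": True}},
              {"Table": {"TableName": "sessions"}}]
SAMPLE_ELB = {"arn:alb/prod": {"Attributes": [{"Key": "deletion_protection.enabled", "Value": "true"}]},
              "arn:nlb/edge": {"Attributes": [{"Key": "deletion_protection.enabled", "Value": "false"}]}}
SAMPLE_CFN = {"Stacks": [{"StackName": "network", "EnableTerminationProtection": False}]}

def audit_sample() -> Dict[str, List[str]]:
    """Run every checker over the sample data; swap in live boto3 responses to audit an account."""
    return {"ec2": unprotected_ec2(SAMPLE_EC2), "rds": unprotected_rds(SAMPLE_RDS),
            "dynamodb": unprotected_dynamodb(SAMPLE_DDB), "elbv2": unprotected_elbv2(SAMPLE_ELB),
            "cloudformation": unprotected_cfn(SAMPLE_CFN)}

if __name__ == "__main__":
    print(audit_sample())
```

Note that the EC2 flag only blocks API-initiated termination; it does not stop Auto Scaling from terminating an instance or an instance-initiated shutdown whose behaviour is set to terminate, so treat it as one control rather than a complete safeguard.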
You might want to consider CloudFormation stacks as well; they have a termination protection feature that can be quite handy! Just make sure to look into their documentation for specific settings.
Thanks for your comment! I checked the Terraform documentation, and it looks like there's no deletion protection attribute for CloudFormation stacks.
Thanks, that's exactly what I wanted to know! And yeah, a blog post on deletion protection features would definitely be helpful!