AWS-DocumentDB-clusters-deletion-protection-enable

Severity: Medium

Description: This control ensures that the Deletion Protection feature is enabled for the DocumentDB cluster to prevent accidental deletions. The "Deletion Protection" feature for AWS DocumentDB Clusters denies any delete operation on the cluster from any source and entity. This provides protection for the clusters from being accidentally deleted. In a production environment, the availability of the data is very crucial and preventing deletion of a cluster ensures the data is available.

Remediation Steps:

Perform following to update DocumentDB deletion protection:

1. Login to the AWS Management Console at https://console.aws.amazon.com.

2. Navigate to DocumentDB console.

3. In the Navigation pane, choose Databases.

4. Click on the Database Cluster to be modified, click Modify.

5. Under Deletion Protection, select enable deletion protection checkbox.

6. Click on the Continue button

7. Under Scheduling of modifications option select Apply Immediately.

8. Click on Modify Cluster button..

Important:

Reference:

• https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-delete.html