Lack of protection against deletion - RDS - CloudFormation
Need
Implementation of safeguards to prevent accidental or unauthorized deletion of databases in Amazon Web Services RDS.
Context
- Usage of AWS CloudFormation for Infrastructure as Code (IaC)
- Usage of AWS SDK for interacting with Amazon Web Services
Description
Insecure Code Example
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyDBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 20
      DBInstanceClass: db.t2.micro
      Engine: mysql
      EngineVersion: '5.7'
      MasterUsername: foo
      MasterUserPassword: foobarbaz
      DBName: mydb
      StorageType: gp2
      DBParameterGroupName: default.mysql5.7
      # Neither DeletionProtection nor BackupRetentionPeriod is set
      SkipFinalSnapshot: true  # no final snapshot when the instance is deleted
```
This CloudFormation template creates an AWS RDS instance. However, it lacks safeguards against accidental or unauthorized deletion. Specifically:
- `DeletionProtection` is not enabled, which means the database can be deleted without any restrictions.
- `SkipFinalSnapshot` is set to `true`, which prevents a final snapshot from being created when the DB instance is deleted. This leads to permanent loss of data if deleted.
Steps
- Enable `DeletionProtection` in the RDS instance configuration.
- Ensure `SkipFinalSnapshot` is set to `false` to retain a snapshot.
- Enable backups by setting a `BackupRetentionPeriod`.
- Apply proper IAM access controls and enable monitoring via CloudTrail.
Secure Code Example
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyDBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 20
      DBInstanceClass: db.t2.micro
      Engine: mysql
      EngineVersion: '5.7'
      MasterUsername: foo
      MasterUserPassword: foobarbaz
      DBName: mydb
      StorageType: gp2
      DBParameterGroupName: default.mysql5.7
      SkipFinalSnapshot: false   # take a final snapshot before deletion
      DeletionProtection: true   # block deletion until this is switched off
      BackupRetentionPeriod: 7   # keep automated backups for 7 days
```
This improved CloudFormation template addresses the risks by:
1. Setting `DeletionProtection` to `true`, preventing unintended deletion.
2. Setting `SkipFinalSnapshot` to `false`, ensuring a snapshot is taken before deletion.
3. Defining `BackupRetentionPeriod` to `7` to allow recovery to a point in time within the last 7 days.
These changes help mitigate accidental or malicious deletion and ensure data recovery options are in place.
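The three settings above can be checked automatically before a template is deployed. The following is an added example, not code from the original page: the function and helper names are hypothetical, the templates are taken as already parsed into a dict, and the two samples are constructed JSON versions of the page's templates reduced to the relevant properties.

```python
import json

RDS_INSTANCE = "AWS::RDS::DBInstance"

def _as_bool(value):
    """Return True/False for booleans or "true"/"false" strings, else None."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    return None  # absent, or an intrinsic such as {"Ref": ...} we cannot resolve

def audit_rds_deletion_safeguards(template):
    """Return one finding per missing deletion safeguard on each RDS instance."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != RDS_INSTANCE:
            continue
        props = res.get("Properties", {})
        # Anything other than an explicit true is treated as unprotected.
        if _as_bool(props.get("DeletionProtection")) is not True:
            findings.append(f"{name}: DeletionProtection is not enabled")
        if _as_bool(props.get("SkipFinalSnapshot")) is True:
            findings.append(f"{name}: SkipFinalSnapshot is true")
        try:
            backups_on = int(props.get("BackupRetentionPeriod")) > 0
        except (TypeError, ValueError):
            backups_on = False  # missing or unresolved: cannot confirm backups
        if not backups_on:
            findings.append(f"{name}: BackupRetentionPeriod is missing or 0")
    return findings

# Constructed samples mirroring the insecure and secure templates on this page.
INSECURE = json.loads("""{"Resources": {"MyDBInstance": {
  "Type": "AWS::RDS::DBInstance",
  "Properties": {"Engine": "mysql", "SkipFinalSnapshot": true}}}}""")
SECURE = json.loads("""{"Resources": {"MyDBInstance": {
  "Type": "AWS::RDS::DBInstance",
  "Properties": {"Engine": "mysql", "SkipFinalSnapshot": false,
                 "DeletionProtection": true, "BackupRetentionPeriod": 7}}}}""")

if __name__ == "__main__":
    for label, tpl in (("insecure", INSECURE), ("secure", SECURE)):
        print(label, audit_rds_deletion_safeguards(tpl) or "no findings")
```

A value supplied through an intrinsic function or parameter is reported as a finding because it cannot be confirmed from the template alone.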
Last updated
2025/04/04