Use Case for AWS DynamoDB Tables should have Deletion Protection enabled

DynamoDB Table Deletion Protection

Why Use This Policy?

Enabling deletion protection on a DynamoDB table makes DeleteTable calls fail until the setting is explicitly turned off again. That guards against accidental deletion (a mis-targeted cleanup script, an infrastructure-as-code destroy run) and adds an extra, auditable step in front of a malicious one. This policy flags tables that do not have the setting enabled, improving the security and reliability of your database.

Pros

  • Security: A table cannot be removed with DeleteTable while the flag is set; a principal must first disable it with UpdateTable, which is a separate API call that shows up in CloudTrail.
  • Reliability: Protects against accidental deletion by operators or automation, preserving data integrity and availability.

Cons

  • Cost: AWS does not charge for the setting, but intentional deletion becomes a two-step operation (disable protection with UpdateTable, then DeleteTable), so teardown scripts and IaC destroy workflows must account for it.

How the Policy Works

This policy checks whether deletion protection is enabled on each DynamoDB table. It reads the DeletionProtectionEnabled attribute from the table description (as returned by DescribeTable) and raises a violation when it is false. Because false is the service default, a table that was never explicitly configured also violates.
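The following is a worked example of the check, added here and not taken from the policy engine's own code. It evaluates DescribeTable output in Python, walks paginated ListTables results, and goes one step beyond the page by including an UpdateTable-based remediation. The FakeDynamoDB class is a constructed in-memory stand-in for a boto3 DynamoDB client so the example runs offline; the table names and account ARN it returns are invented sample data. The real-client path at the bottom assumes boto3 is installed and that credentials with dynamodb:ListTables and dynamodb:DescribeTable are available.

```python
"""Evaluate DynamoDB tables for TABLE_DELETION_PROTECTION_NOT_ENABLED
and optionally remediate. Example code, not the policy engine's own."""
from typing import Any, Dict, List, Mapping, Optional

VIOLATION_ID = "TABLE_DELETION_PROTECTION_NOT_ENABLED"


def evaluate_table(describe_response: Mapping[str, Any]) -> Optional[dict]:
    """Return a violation record, or None if the table is compliant.

    `describe_response` is the dict DescribeTable returns. A missing
    DeletionProtectionEnabled key is treated as False, the service default,
    so an unconfigured table is reported rather than silently passed.
    """
    table = describe_response.get("Table", {})
    enabled = bool(table.get("DeletionProtectionEnabled", False))
    if enabled:
        return None
    return {
        "violation_type": VIOLATION_ID,
        "table_name": table.get("TableName", "<unknown>"),
        "table_arn": table.get("TableArn"),
        "DeletionProtectionEnabled": enabled,
    }


def scan_tables(client) -> List[dict]:
    """Collect violations for every table visible to `client`.

    `client` is a boto3 DynamoDB client or a test double exposing
    list_tables/describe_table. ListTables is paginated via
    LastEvaluatedTableName / ExclusiveStartTableName.
    """
    violations: List[dict] = []
    start_key = None
    while True:
        kwargs = {"ExclusiveStartTableName": start_key} if start_key else {}
        page = client.list_tables(**kwargs)
        for name in page.get("TableNames", []):
            violation = evaluate_table(client.describe_table(TableName=name))
            if violation:
                violations.append(violation)
        start_key = page.get("LastEvaluatedTableName")
        if not start_key:
            break
    return violations


def remediate(client, table_name: str) -> bool:
    """Enable deletion protection with UpdateTable, then re-check via
    DescribeTable. Returns True only when the flag is confirmed set."""
    client.update_table(TableName=table_name, DeletionProtectionEnabled=True)
    return evaluate_table(client.describe_table(TableName=table_name)) is None


class FakeDynamoDB:
    """Constructed in-memory stand-in for a boto3 DynamoDB client (not an
    AWS object). Pages ListTables one name at a time to exercise the
    pagination loop; a value of None models a response without the key."""

    def __init__(self, tables: Dict[str, Optional[bool]]):
        self._tables = dict(tables)

    def list_tables(self, ExclusiveStartTableName=None, Limit=1):
        names = sorted(self._tables)
        start = names.index(ExclusiveStartTableName) + 1 if ExclusiveStartTableName else 0
        page = names[start:start + Limit]
        out: Dict[str, Any] = {"TableNames": page}
        if start + Limit < len(names):
            out["LastEvaluatedTableName"] = page[-1]
        return out

    def describe_table(self, TableName):
        # Invented sample ARN; account ID is a placeholder.
        table: Dict[str, Any] = {
            "TableName": TableName,
            "TableArn": f"arn:aws:dynamodb:us-east-1:123456789012:table/{TableName}",
        }
        flag = self._tables[TableName]
        if flag is not None:
            table["DeletionProtectionEnabled"] = flag
        return {"Table": table}

    def update_table(self, TableName, DeletionProtectionEnabled):
        self._tables[TableName] = DeletionProtectionEnabled
        return {"TableDescription": self.describe_table(TableName)["Table"]}


if __name__ == "__main__":
    import boto3  # real run: assumes boto3 and AWS credentials (assumption)

    for v in scan_tables(boto3.client("dynamodb")):
        print(v["violation_type"], v["table_name"])
```

Running the module directly scans the caller's account and prints one line per non-compliant table. Remediation is deliberately a separate function: enabling the flag is safe, but turning it on across an account will break any teardown automation that expects DeleteTable to succeed, so it should be a triage decision rather than part of the scan.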

Variables

  • DeletionProtectionEnabled: Boolean attribute of the table, visible in DescribeTable output, indicating whether deletion protection is enabled. Default is false; it can be set at CreateTable or changed afterwards with UpdateTable.

Violation Type IDs

  • TABLE_DELETION_PROTECTION_NOT_ENABLED: Raised when deletion protection is not enabled for a DynamoDB table.

Conclusion

Enabling deletion protection for your DynamoDB tables is a low-cost best practice for securing your data, and this policy automates detection of tables that lack it. Keep its scope in mind: the setting only blocks DeleteTable. It does not stop item-level deletes, and a principal with dynamodb:UpdateTable permission can switch it off, so pair it with least-privilege IAM on UpdateTable and DeleteTable and with backups such as point-in-time recovery.