Ensure termination protection is enabled for AWS CloudFormation Stack

MEDIUM

Description

The Termination Protection feature is disabled on the AWS CloudFormation stack. Without it, the stack can be deleted by accident (for example through a stray `delete-stack` call or a console click), taking its resources with it.

Remediation

In AWS Console -

  1. Sign in to AWS Console and open the AWS CloudFormation Console.
  2. Select the stack that you want.
  3. Select Stack actions in the stack details pane, and then edit 'Termination Protection'.
  4. In the Edit Termination Protection dialog box, select Enable and click Save.

In Terraform -

  1. In the aws_cloudformation_stack_set_instance resource, set the retain_stack field to true.
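
The check behind this rule can be scripted against the `describe_stacks` API, whose response carries an `EnableTerminationProtection` flag per stack. The following Python is an added example written for this page, not code from the policy vendor or from AWS: it evaluates a constructed sample response offline, skips nested stacks (their protection is governed by the root stack and cannot be set on the nested stack itself), treats a missing flag as disabled, and includes live boto3 helpers that list and remediate real stacks when credentials are present. The stack names and the `RootId` value in the sample are constructed placeholders.

```python
"""Detect CloudFormation stacks without termination protection (added example)."""
from __future__ import annotations

# Constructed sample in the shape of a cloudformation.describe_stacks() page.
# Names and ARNs are placeholders, not values from a real account.
SAMPLE_RESPONSE = {
    "Stacks": [
        {"StackName": "prod-network", "StackStatus": "CREATE_COMPLETE",
         "EnableTerminationProtection": True},
        {"StackName": "prod-database", "StackStatus": "UPDATE_COMPLETE",
         "EnableTerminationProtection": False},
        # Some responses omit the key entirely; an absent flag means disabled.
        {"StackName": "legacy-app", "StackStatus": "CREATE_COMPLETE"},
        # Nested stack: carries RootId; protection is inherited from the root,
        # so it is not reported on its own.
        {"StackName": "prod-network-subnets", "StackStatus": "CREATE_COMPLETE",
         "EnableTerminationProtection": False,
         "RootId": "arn:aws:cloudformation:REGION:ACCOUNT:stack/prod-network/PLACEHOLDER-ID"},
    ]
}


def unprotected_stacks(response: dict) -> list[str]:
    """Return names of top-level stacks whose termination protection is off.

    `response` has the shape of one describe_stacks() page. Nested stacks
    (those with a RootId) are skipped because AWS sets their protection from
    the root stack; a missing EnableTerminationProtection key counts as False.
    """
    findings: list[str] = []
    for stack in response.get("Stacks", []):
        if stack.get("RootId"):
            continue
        if not stack.get("EnableTerminationProtection", False):
            findings.append(stack["StackName"])
    return findings


def fetch_unprotected(region_name: str) -> list[str]:
    """Live variant: page through describe_stacks with boto3 (needs AWS credentials)."""
    import boto3  # imported here so the offline check has no extra dependency

    cfn = boto3.client("cloudformation", region_name=region_name)
    names: list[str] = []
    for page in cfn.get_paginator("describe_stacks").paginate():
        names.extend(unprotected_stacks(page))
    return names


def enable_protection(region_name: str, stack_names: list[str]) -> None:
    """Remediate: turn termination protection on for each named stack."""
    import boto3

    cfn = boto3.client("cloudformation", region_name=region_name)
    for name in stack_names:
        # Same call the console makes behind "Edit termination protection".
        cfn.update_termination_protection(
            EnableTerminationProtection=True, StackName=name
        )


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; no AWS access required.
    print("Unprotected stacks in sample:", unprotected_stacks(SAMPLE_RESPONSE))
```

Run it as-is to see the offline result; call `fetch_unprotected("us-east-1")` (or your region) to audit a real account, and pass the returned names to `enable_protection` to apply the fix. The same remediation is available from the AWS CLI as `aws cloudformation update-termination-protection --enable-termination-protection --stack-name <name>`.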

References:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set_instance#retain_stack

Policy Details

Rule Reference ID: AC_AWS_0022
CSP: AWS
Remediation Available: Yes
Resource Category: Management
Resource Type: CloudFormation

Frameworks