AWS CloudFormation Stacks Should Have Termination Protection Enabled
More Info:
Amazon CloudFormation stacks should have Termination Protection feature enabled in order to protect them from being accidentally deleted.Risk Level
LowAddress
Reliability, SecurityCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
Sure, here are the step-by-step instructions to remediate the issue of “AWS CloudFormation Stacks Should Have Termination Protection Enabled” for AWS using the AWS console:
- Log in to your AWS Management Console.
- Navigate to the AWS CloudFormation console.
- In the left navigation pane, select “Stacks”.
- Select the stack for which you want to enable termination protection.
- Click on the “Actions” button and select “Enable termination protection”.
- A pop-up window will appear, asking you to confirm the action. Click on “Yes, Enable” to confirm.
- Once you have enabled termination protection, you will see a lock icon next to the stack name indicating that it is now protected from accidental deletion.
Using CLI
Using CLI
To remediate the misconfiguration “AWS CloudFormation Stacks Should Have Termination Protection Enabled” in AWS using AWS CLI, you can follow the below steps:This command will list all the CloudFormation stacks in the AWS account that have termination protection disabled.Replace This command will list all the CloudFormation stacks in the AWS account that have termination protection enabled.By following these steps, you can remediate the misconfiguration “AWS CloudFormation Stacks Should Have Termination Protection Enabled” in AWS using AWS CLI.
- Open the AWS CLI on your local machine or EC2 instance.
- Check the status of termination protection for all the CloudFormation stacks in the AWS account by running the following command:
- Enable termination protection for each of the CloudFormation stacks listed in step 2 by running the following command:
<stack-name> with the name of the CloudFormation stack for which you want to enable termination protection.- Repeat step 3 for each of the CloudFormation stacks listed in step 2.
- Verify the termination protection status for all the CloudFormation stacks in the AWS account by running the following command:
Using Python
Using Python
To remediate the misconfiguration of AWS CloudFormation stacks not having termination protection enabled, you can use the following steps in Python:
- Import the necessary AWS SDKs and modules:
- Create a boto3 session and CloudFormation client:
- Get a list of all CloudFormation stacks:
- Loop through the list of stacks and check if termination protection is enabled:
- Run the script and verify that termination protection is now enabled for all CloudFormation stacks.