Skip to content

Instantly share code, notes, and snippets.

@arbabnazar

arbabnazar/info.md

Forked from manicminer/info.md
Created May 12, 2017 19:00
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save arbabnazar/2b7a247a8763520dcf6d8e0367384184 to your computer and use it in GitHub Desktop.
Save arbabnazar/2b7a247a8763520dcf6d8e0367384184 to your computer and use it in GitHub Desktop.
Download ZIP
RDS Production termination protection
Raw
info.md

RDS Production Termination Protection

Create a policy like this, substituting your AWS account number, then attach it to all groups and roles. It will prevent deletion of RDS instances containing the string "prod" in their name.

Note: This is intended to prevent accidental deletion, and is easily sidestepped.

Raw
policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"rds:DeleteDBInstance"
],
"Effect": "Deny",
"Resource": "arn:aws:rds:*:123456789012:*prod*"
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment