maxkabakov - Fotolia
AWS termination protection acts as resource safety belt
In the push to get applications to production quickly, mistakes can happen. But you can avoid potentially disastrous AWS resource deletion through these features and strategies.
In the cloud, you can provision infrastructure in mere minutes. While this enables faster product delivery times, you can lose resources as quickly as you spin them up. And if you lose critical resources, such as sensitive data or compute for production workloads, it can dramatically hurt your business.
For those reasons, it's important to apply AWS termination protection methods to prevent deletion of crucial resources. Let's start with Amazon EC2 instances, which are one of the most common types of resources you might spin up -- in fact, your environment likely runs quite a few of them.
To protect your EC2 instances from accidental deletion, enable AWS termination protection through AWS Management Console or via the DisableApiTermination attribute in the AWS Command Line Interface. However, this won't prevent someone else from stopping the instance. So, you should also ensure that the instance shutdown behavior is set to stop instead of terminate.
Cover your compute
Amazon EC2 instances are often part of AWS Auto Scaling groups, which can serve as an additional layer of defense against accidental termination. Auto Scaling groups include termination policies that help control which instances will terminate when resources scale in. While the default policy only ensures that your instances span availability zones evenly to provide high availability, you can choose from other policies to better fit your needs.
For example, the OldestInstance policy will help you upgrade instances to a newer type, while OldestLaunchConfiguration helps you update the entire group to a newer launch configuration. Another policy, NewestInstance, lets you test only the new configuration without keeping the instances.
You can enable AWS termination protection for the entire Auto Scaling group or for individual instances. But this only prevents instances from termination when scaling in. Manual termination or termination due to a failed health check can subvert this protection.
A valuable tool in the AWS arsenal, CloudFormation, enables you to automate, provision and update infrastructure resources on demand. If you spin up Amazon EC2 instances as part of the AWS CloudFormation template, you can implement stack protection to insulate those instances from deletion if someone tries to remove the entire stack. But this doesn't protect them from being deleted as individual resources.
Defend your data resources
It's important to safeguard data, as it's one of the most critical components in your cloud environment. Make sure to protect Amazon Elastic Block Store (EBS) volumes from accidental deletion when your instance terminates. To do this, disable the DeleteOnTermination attribute, which preserves your EBS volumes upon instance deletion. By default, this attribute is set to true on all root volumes, but you will need to disable it for additional volumes.
AWS termination protection is not available for all services. Amazon Relational Database Service (RDS), for example, doesn't provide it. This means that, when you delete your Amazon RDS instance, you will also lose the automated snapshots. To protect your database, take manual snapshots that will preserve whether your database terminates accidentally or intentionally.
Protect with permissions
The AWS shared responsibility model clearly states that organizations are responsible for user permissions, which includes resource protection. Luckily, permissions might be the simplest way to protect AWS resources from deletion.
Make sure to put the proper policies in place and update them as needed. For example, developers or project managers should not be able to terminate infrastructure, which means that they shouldn't have permissions to do so in the first place. Even better, attach a strict deny policy for such actions to any user or group outside of the operations team.