How To

EC2 termination protection

Protect your Amazon EC2 Instances from accidental termination.

Bob Tordella
5 min. read - Apr 05, 2021

Amazon EC2 instances are easy to manage through the AWS console, CLI, or API; simple commands exist to create new instances, change attributes as they are running, stop instances, etc. However, mistakes with these powerful tools can easily terminate the wrong EC2 instance.

To prevent critical infrastructure from being accidentally terminated, you can enable termination protection for the instance.

This post looks at how Turbot Guardrails can help ensure termination protection is enabled across all of your instances in your AWS Accounts.

Traditional Workflow

It is very common at scale to see customer environments with backup automation but lacking retention management. While any individual snapshot can be deleted in a few clicks, it becomes difficult to identify snapshots, manage their lifecycle and programmatically remove them across multiple accounts. Often, because of time and personnel changes, deleting older snapshots comes to be seen as a compliance risk (i.e. "what if someone needs it for something"). Over time, dozens of snapshots turn into hundreds (or thousands) due to this inaction.

Defense in depth

Termination protection is controlled by the DisableApiTermination instance attribute, which dictates whether the instance can be terminated using the console, CLI, or API. By default, termination protection is disabled for all instances. You can set the value of this attribute when you launch the instance, or after you create the instance (even while it is running). When enabled, termination protection prevents user actions from deleting the instance and requires the additional step of removing termination protection before someone can delete it.

Configuring this setting can be an additional layer of protection from accidental deletion as part of a defense in depth approach to data protection that should include:

  • Automated backups & snapshots.

  • Requiring elevated privileges to delete resources.

  • Proper naming, tagging and isolation of workloads.

Get it done with Turbot Guardrails

In Turbot Guardrails, EC2 Instance guardrails are readily available to control your cloud resource configurations. We can set the existing EC2 > Instance > Termination Protection policy in a few clicks:

Create a new policy to take corrective action for enabling termination protection.

After setting this policy, Turbot Guardrails automation will identify all instances without this setting enabled, and then handle remediation (i.e. set the instance's DisableApiTermination attribute).

If you are not yet ready to enforce remediation, you can assess the impact of this in your environment by setting the value to Check: Enabled at the Turbot level. You can then selectively apply the enforcement setting as desired.
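The same check-versus-enforce split, written as an added boto3 example rather than Turbot Guardrails code: `evaluate()` is the pure policy decision (runs offline), while `scan_region()` does the AWS calls and assumes boto3 plus credentials allowed to describe instances and modify the instance attribute.

```python
"""Audit EC2 termination protection in check or enforce mode.
Added example, not Turbot Guardrails or AWS code. scan_region() assumes boto3 and
AWS credentials (ec2:DescribeInstances, ec2:DescribeInstanceAttribute,
ec2:ModifyInstanceAttribute); evaluate() is pure and runs offline."""
from dataclasses import dataclass

@dataclass
class Finding:
    instance_id: str
    state: str
    protected: bool
    action: str  # "ok", "alarm" (check mode) or "enable" (enforce mode)

def evaluate(instances, mode="check"):
    """instances: iterable of (instance_id, state, disable_api_termination)."""
    if mode not in ("check", "enforce"):
        raise ValueError(f"unknown mode {mode!r}")
    findings = []
    for instance_id, state, protected in instances:
        action = "ok" if protected else ("enable" if mode == "enforce" else "alarm")
        findings.append(Finding(instance_id, state, protected, action))
    return findings

def summarize(findings):
    """Count findings per action for a one-line report."""
    counts = {"ok": 0, "alarm": 0, "enable": 0}
    for f in findings:
        counts[f.action] += 1
    return counts

def scan_region(region, mode="check"):
    """Read DisableApiTermination for running/stopped instances and, in enforce
    mode, set it. Note: the attribute does not block Auto Scaling/Spot terminations."""
    import boto3  # local import so evaluate()/summarize() work without boto3
    ec2 = boto3.client("ec2", region_name=region)
    rows = []
    pages = ec2.get_paginator("describe_instances").paginate(
        Filters=[{"Name": "instance-state-name", "Values": ["running", "stopped"]}])
    for page in pages:
        for inst in (i for r in page["Reservations"] for i in r["Instances"]):
            attr = ec2.describe_instance_attribute(
                InstanceId=inst["InstanceId"], Attribute="disableApiTermination")
            rows.append((inst["InstanceId"], inst["State"]["Name"],
                         attr["DisableApiTermination"]["Value"]))
    findings = evaluate(rows, mode)
    for f in findings:
        if f.action == "enable":
            ec2.modify_instance_attribute(
                InstanceId=f.instance_id, DisableApiTermination={"Value": True})
    return findings
```

Run `scan_region("us-east-1")` first to see which instances would be changed, then `scan_region("us-east-1", mode="enforce")` once the list looks right.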

Make it happen!

See for yourself how easy it is to enable Amazon EC2 termination protection across your environment. The policy settings necessary to apply these settings are available to download as a Terraform template in the Turbot Development Kit (TDK). If you need any assistance, let us know in our Slack community #guardrails channel. If you are new to Turbot, connect with us to learn more!