EC2 API termination protection is not enabled Affecting EC2 service in AWS

Snyk CCSS

General / Settings

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CSA-CCM ISO-27001

Snyk ID SNYK-CC-00283
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Without this setting enabled, the instance can be terminated by accident. This setting should only be used for instances with high availability requirements. Enabling this may prevent IaC workflows from updating the instance; for example, Terraform will not be able to terminate the instance to update the instance type.

How to fix?

Set the disable_api_termination attribute to true.

Example Configuration

resource "aws_instance" "demo" {
  ami                     = "ami-005e54dee72ccabcd"
  instance_type           = "t2.micro"
  disable_api_termination = true
}

Terraform

Resource: aws_instance

References

Enable termination protection