EC2 API termination protection is not enabled
Affecting EC2 service in AWS


Severity: medium
Severity Framework: Snyk CCSS
Rule category: General / Settings

Frameworks: CSA-CCM, ISO-27001
  • Snyk ID SNYK-CC-00283
  • credit Snyk Research Team

Description

Without API termination protection enabled, the instance can be terminated by accident. This setting should only be used for instances with high availability requirements. Enabling it may prevent IaC workflows from updating the instance; for example, Terraform will not be able to terminate the instance to update the instance type.

How to fix?

Set the disable_api_termination attribute to true.

Example Configuration

resource "aws_instance" "demo" {
  ami                     = "ami-005e54dee72ccabcd"
  instance_type           = "t2.micro"
  disable_api_termination = true
}