
Ensure Cognito user pools have deletion protection enabled to prevent accidental deletion

cognito_user_pool_deletion_protection_enabled

Severity: medium
Service: cognito
by Prowler

Deletion protection locks a user pool so that it cannot be deleted. While it is enabled, DeleteUserPool calls against the pool fail; to delete the pool you must first set DeletionProtection back to INACTIVE with UpdateUserPool (or the equivalent console setting). Deletion protection is disabled (INACTIVE) by default, so pools created without explicitly setting it remain unprotected.

Risk

If deletion protection is not enabled, any principal allowed to call cognito-idp:DeleteUserPool on the pool can delete it, whether by mistake, through a faulty infrastructure-as-code run, or with compromised credentials. Deleting a user pool is irreversible: its users, groups, app clients and identity provider configuration are lost, and every application that authenticates against the pool stops working.

Run this check with Prowler CLI

prowler aws --checks cognito_user_pool_deletion_protection_enabled


ARN template

arn:aws:cognito-idp:region:account:userpool/userpool-id

Remediation

WUI

Enable deletion protection on the user pool to prevent accidental deletion. In the Cognito console this is a setting of the user pool itself; with the API or CLI, call UpdateUserPool with DeletionProtection set to ACTIVE. Note that UpdateUserPool resets any setting you omit from the call to its default, so read the pool's current configuration with DescribeUserPool and pass it back together with the new DeletionProtection value rather than sending DeletionProtection alone.
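The following is an added example, not Prowler's own check code. It shows the logic this check applies (one finding per user pool, FAIL unless DeletionProtection is ACTIVE) and the remediation described above, in which the pool's existing settings are carried into the UpdateUserPool call so they are not reset. The check runs offline on constructed DescribeUserPool responses; the boto3 wrapper at the bottom, the list of UpdateUserPool parameters, and the sample pool IDs, names and account number are assumptions for illustration.

```python
"""Offline model of the cognito_user_pool_deletion_protection_enabled check
plus a remediation builder. Added example; not Prowler's or AWS's own code."""

# Parameters that UpdateUserPool accepts. UpdateUserPool resets any parameter it
# is not given to its default, so remediation copies these from DescribeUserPool.
# Assumed from the Cognito API reference; verify against the current API version.
UPDATE_USER_POOL_KEYS = (
    "Policies", "DeletionProtection", "LambdaConfig", "AutoVerifiedAttributes",
    "SmsVerificationMessage", "EmailVerificationMessage",
    "EmailVerificationSubject", "VerificationMessageTemplate",
    "SmsAuthenticationMessage", "UserAttributeUpdateSettings",
    "MfaConfiguration", "DeviceConfiguration", "EmailConfiguration",
    "SmsConfiguration", "UserPoolTags", "AdminCreateUserConfig",
    "UserPoolAddOns", "AccountRecoverySetting",
)

# Constructed DescribeUserPool "UserPool" objects (trimmed to relevant keys).
SAMPLE_POOLS = [
    {"Id": "us-east-1_AbC123456", "Name": "prod-users",
     "DeletionProtection": "ACTIVE", "MfaConfiguration": "ON",
     "UserPoolTags": {"env": "prod"}},
    {"Id": "us-east-1_XyZ987654", "Name": "dev-users",
     "DeletionProtection": "INACTIVE", "MfaConfiguration": "OFF",
     "Policies": {"PasswordPolicy": {"MinimumLength": 12}}},
    # Pool created before the feature existed: the key may be absent entirely.
    {"Id": "us-east-1_Old000001", "Name": "legacy-users"},
]


def check_deletion_protection(user_pool: dict, region: str, account: str) -> dict:
    """Return a Prowler-style finding for one DescribeUserPool 'UserPool' dict."""
    pool_id = user_pool["Id"]
    # A missing value means the default, INACTIVE, which must be reported as FAIL.
    protection = user_pool.get("DeletionProtection", "INACTIVE")
    status = "PASS" if protection == "ACTIVE" else "FAIL"
    return {
        "check_id": "cognito_user_pool_deletion_protection_enabled",
        "status": status,
        "resource_id": pool_id,
        # Same ARN template as the check documentation.
        "resource_arn": f"arn:aws:cognito-idp:{region}:{account}:userpool/{pool_id}",
        "status_extended": (
            f"User pool {user_pool.get('Name', pool_id)} has deletion protection "
            + ("enabled." if status == "PASS" else "disabled.")
        ),
    }


def run_check(pools, region: str = "us-east-1", account: str = "123456789012"):
    """Evaluate every pool; account number is a placeholder."""
    return [check_deletion_protection(p, region, account) for p in pools]


def build_remediation(user_pool: dict) -> dict:
    """Build UpdateUserPool kwargs that turn deletion protection on while
    preserving the pool's other mutable settings (see the reset caveat above)."""
    params = {k: user_pool[k] for k in UPDATE_USER_POOL_KEYS if k in user_pool}
    params["UserPoolId"] = user_pool["Id"]
    params["DeletionProtection"] = "ACTIVE"
    return params


def run_against_account(region: str = "us-east-1", remediate: bool = False):
    """Assumed wiring against a real account; needs boto3 and AWS credentials.
    Not exercised offline."""
    import boto3  # imported here so the offline example does not require it

    client = boto3.client("cognito-idp", region_name=region)
    account = boto3.client("sts").get_caller_identity()["Account"]
    findings = []
    paginator = client.get_paginator("list_user_pools")
    for page in paginator.paginate(PaginationConfig={"PageSize": 60}):
        for summary in page["UserPools"]:
            pool = client.describe_user_pool(UserPoolId=summary["Id"])["UserPool"]
            finding = check_deletion_protection(pool, region, account)
            findings.append(finding)
            if remediate and finding["status"] == "FAIL":
                client.update_user_pool(**build_remediation(pool))
    return findings


if __name__ == "__main__":
    for f in run_check(SAMPLE_POOLS):
        print(f["status"], f["resource_arn"], f["status_extended"])
    print(build_remediation(SAMPLE_POOLS[1]))
```

Run it without arguments to see one PASS and two FAIL findings for the constructed pools; the legacy pool with no DeletionProtection key fails because the API default is INACTIVE. The remediation dict for the failing pool keeps its MFA and password policy settings and adds only the ACTIVE flag, which is what you would pass to `update_user_pool` in a real account.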


Resource Type

AwsCognitoUserPool
