Aqua CSPM

Instance Policy Protection

Quick Info

Plugin TitleInstance Policy Protection
CloudORACLE
CategoryCompute
DescriptionEnsures policy statements have deletion protection for compute instances unless it is an administrator group.
More InfoAdding deletion protection to Oracle compute instance policies mitigates unintended deletion of instances by unauthorized users or groups.
ORACLE Linkhttps://docs.cloud.oracle.com/iaas/Content/Security/Reference/iam_security.htm
Recommended ActionWhen writing policies, avoid blanket statements, and add a where statement with the line request.permission != INSTANCE_DELETE.

Detailed Remediation Steps