
Critical Data Loss in RDS After AWS WAF Rule Deletion


Hello,

After removing all rules configured in AWS WAF (Web Application Firewall), we experienced a critical issue where all tables in a specific schema of our RDS instance were deleted.

We would like to ask the following:

  • Could any change to the WAF settings possibly affect RDS data?
  • Are there any logs available or backups that would allow recovery?

Please advise whether it is possible to investigate the cause and recover the data.

Thank you.

asked a year ago, 161 views
1 Answer
Accepted Answer

Are you backing up the RDS database by taking snapshots or point-in-time recovery (PITR) options? If so, you can restore the database from either. Otherwise, I don't think you can restore the databases.

Changing WAF will control access to applications, and the application might read / write data from the RDS databases. The application should not perform schema-level operations. However, if your application actually has access to modify the schema, then, yes, it can delete the tables. However, this is not WAF related, even though WAF could prevent these issues; you should always provide least-privileged access to RDS.

Also, in the RDS console, you can check the logs and confirm what deleted the tables.

EXPERT
answered a year ago
EXPERT
reviewed a year ago
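
One way to check the least-privilege point in the answer above, as an added example that is not part of the original thread or any AWS tooling: it parses `SHOW GRANTS` output and flags accounts that hold schema-changing privileges. It assumes a MySQL-compatible RDS engine; the account names and grant lines are constructed samples.

```python
import re

# MySQL privilege names that allow creating, altering or dropping schema objects.
SCHEMA_PRIVS = {
    "ALL", "ALL PRIVILEGES", "DROP", "ALTER", "CREATE", "INDEX",
    "CREATE VIEW", "CREATE ROUTINE", "ALTER ROUTINE", "TRIGGER", "EVENT",
}

# Matches privilege grants: GRANT <privs> ON <scope> TO <grantee> ...
# Role grants (no ON clause) do not match and are skipped.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>.+?)\s+TO\s+(?P<grantee>\S+)",
    re.IGNORECASE,
)

def audit_grants(lines):
    """Return (grantee, scope, risky_privileges) for each over-privileged grant."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        # Remove column lists such as "SELECT (id, total)" before splitting on commas.
        privs = re.sub(r"\([^)]*\)", "", m["privs"])
        names = {p.strip().upper() for p in privs.split(",")}
        risky = sorted(names & SCHEMA_PRIVS)
        if risky:
            findings.append((m["grantee"], m["scope"], risky))
    return findings

# Constructed sample: output of SHOW GRANTS for three hypothetical accounts.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO `app_rw`@`%`",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `shop`.* TO `app_rw`@`%`",
    "GRANT ALL PRIVILEGES ON `shop`.* TO `app_legacy`@`%`",
    "GRANT SELECT (id, total), DROP ON `shop`.`orders` TO `report`@`10.0.%`",
]

if __name__ == "__main__":
    for grantee, scope, risky in audit_grants(SAMPLE_GRANTS):
        print(f"{grantee} can modify schema on {scope}: {', '.join(risky)}")
```

An application account that only reads and writes rows should produce no findings; any account that is flagged could drop tables if the application in front of it is abused.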
