Dear Reader, I hope you are doing well. In today’s post, we are going to learn how to enable termination protection on an EC2 instance in AWS, using the AWS Management Console as well as the AWS CLI.
As the name says, termination protection on an EC2 instance protects the instance against accidental termination.
Usually, you launch an EC2 instance, do your work and if you don’t need it ever again, you terminate it.
However, if you don’t want your instance to be terminated by someone accidentally, you can enable termination protection on your instance.
What Happens When You Enable Termination Protection on Your Instance?
By default, termination protection is disabled on your instance, and you can delete/terminate the instance by any means. When you enable termination protection on your instance, you cannot terminate it from the console, CLI or API.
- Each AWS EC2 instance has an attribute disableApiTermination, which is false by default. You can make it true to enable termination protection on your instance.
- You can set the value of this attribute (disableApiTermination) at instance launch time, or while the instance is running or stopped.
- After enabling this, your instance cannot be terminated from the console, CLI or API. However, it can still be terminated by a shutdown command issued from within the instance if its shutdown behavior is set to terminate.
- Also, an Auto Scaling scale-in operation can terminate your instance even though termination protection is enabled on it.
- You can enable termination protection for both instance store-backed as well as EBS-backed instances.
- You can’t enable termination protection for Spot Instances.
Let’s get started !!
Steps to Enable Termination Protection on an EC2 Instance using AWS Console
- Log in to AWS Management Console and Open EC2
- Select Instance to Enable Termination Protection
- Enable Instance Termination Protection
- Validate Termination Protection
1. Log in to AWS Management Console and Open EC2
Log in to the AWS Management Console. Search for ec2 in the search bar as shown in the screenshot below. Once EC2 appears, click on it.
Switch to the region where your EC2 instance is located. For example, my instance is in Ireland, so I am switching to the Ireland region.
2. Select Instance to Enable Termination Protection
Once you are in EC2 dashboard, search for your EC2 instance, select your instance and then click on Actions.
Click Instance settings and then click Change termination protection.
EC2 Instance -> Actions -> Instance settings -> Change termination protection
3. Enable Instance Termination Protection
Once you click on Change termination protection, you see the screen below, which shows the current termination protection status.
As we have not yet enabled termination protection, it is disabled, as you can see in the screenshot.
Click the checkbox to enable termination protection as shown in the screenshot below and click Save.
After you click Save, termination protection is enabled on your instance. You can either verify the attribute in the console or validate it by trying to terminate the instance.
4. Validate Termination Protection
Select your instance, click Instance state and then click Terminate instance to terminate your instance.
You will get a dialog box asking “Are you sure you want to terminate these instances?”
Click on Terminate
And here you go…
You will see an error like the one below, and your instance is not terminated.
This proves that your instance is now protected against accidental deletion/termination.
How to Enable Termination Protection on an EC2 Instance using AWS CLI
If you want quick access to the AWS CLI, you can check my previous tutorial on AWS CloudShell to get started with the CLI in a minute. However, if you prefer the CLI on your local system, feel free to check “how to install and configure CLI”.
Once you have CLI ready, we can get started.
The CLI command to enable termination protection is below.
aws ec2 modify-instance-attribute --disable-api-termination --instance-id INSTANCE_ID
Replace INSTANCE_ID with your instance ID, so the command looks like this:
aws ec2 modify-instance-attribute --disable-api-termination --instance-id i-0150e24b7b1c22c95
Run the above command and hit enter.
It doesn’t give any output. So, let’s check the status of the disableApiTermination attribute with the command below:
aws ec2 describe-instance-attribute --instance-id i-0150e24b7b1c22c95 --attribute disableApiTermination
And, as you can see in the screenshot below, it shows that the value of this attribute is true. That means we have successfully enabled termination protection on our instance.
Note: If you want to enable termination protection on more than one instance at a time, keep in mind that --instance-id accepts a single instance ID per call, so run the command once for each ID, for example with a shell loop:
for id in id1 id2 id3; do aws ec2 modify-instance-attribute --disable-api-termination --instance-id "$id"; done
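The check below is an added example, not part of the original post: it reads disableApiTermination together with instanceInitiatedShutdownBehavior for each instance ID, because a protected instance can still be terminated by an OS-level shutdown when that behavior is set to terminate. The function names and status strings are hypothetical; the aws calls are the same describe-instance-attribute command used above, with --query and --output text added.

```shell
#!/bin/sh
# Added example: audit termination protection and the shutdown-behavior gap.

# Pure decision logic, kept separate so it can be checked without AWS access.
# $1 = DisableApiTermination.Value as printed by --output text (True/False)
# $2 = InstanceInitiatedShutdownBehavior.Value (stop/terminate)
classify_protection() {
  if [ "$1" != "True" ]; then
    echo "UNPROTECTED"
  elif [ "$2" = "terminate" ]; then
    # API termination is blocked, but a shutdown inside the OS still terminates.
    echo "PROTECTED_BUT_OS_SHUTDOWN_TERMINATES"
  else
    echo "PROTECTED"
  fi
}

# Read one attribute value for one instance.
# $1 = instance ID, $2 = attribute name, $3 = JMESPath query for its value
get_attr() {
  aws ec2 describe-instance-attribute --instance-id "$1" \
    --attribute "$2" --query "$3" --output text
}

# Print "<instance-id> <status>" for every ID given.
# Returns 0 if all are fully protected, 1 if any has a gap, 2 on an API error.
audit_instances() {
  rc=0
  for id in "$@"; do
    protected=$(get_attr "$id" disableApiTermination \
      'DisableApiTermination.Value') || return 2
    behavior=$(get_attr "$id" instanceInitiatedShutdownBehavior \
      'InstanceInitiatedShutdownBehavior.Value') || return 2
    status=$(classify_protection "$protected" "$behavior")
    echo "$id $status"
    [ "$status" = "PROTECTED" ] || rc=1
  done
  return "$rc"
}

# When instance IDs are passed on the command line, audit them.
if [ "$#" -gt 0 ]; then
  audit_instances "$@"
fi
```

The non-zero exit status makes the script usable as a scheduled check. An instance reported as PROTECTED_BUT_OS_SHUTDOWN_TERMINATES can be closed off by setting its shutdown behavior to stop with the --instance-initiated-shutdown-behavior option of modify-instance-attribute.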
How to Terminate an EC2 instance on Which Termination Protection is Enabled?
Well, if you have an EC2 instance on which termination protection is enabled, then, as obvious as it sounds, you need to disable the termination protection first. After that, you can terminate your EC2 instance successfully.
Navigate to the path EC2 Instance -> Actions -> Instance settings -> Change termination protection and disable termination protection. Or, using the CLI:
aws ec2 modify-instance-attribute --no-disable-api-termination --instance-id INSTANCE_ID
Once you have disabled termination protection, you can terminate your EC2 instance without any problem.
In this post, we learnt how to enable termination protection on an EC2 instance. We also learnt that by enabling this feature, we make sure that our instance is not terminated accidentally by someone from console, CLI or API.
After we enabled this setting, we tried terminating the instance using the console and saw the error saying that the instance can’t be terminated and that we must modify the disableApiTermination attribute, set it to false and try again.
We also saw a set of CLI commands to enable termination protection, verify it and then disable it again.
Hope this was helpful to you. Please leave a comment to let me know how the post can be improved.