How to Enable Termination Protection on an EC2 Instance

By PreetiAWS, EC2

Dear Reader, hope you are doing good. In today’s post, we are gonna learn “How to Enable Termination Protection on an EC2 Instance in AWS”. We will learn it using AWS Management Console as well as AWS CLI.

As the name says, termination protection of EC2 instance means, protecting your instance against accidental termination.

Usually, you launch an EC2 instance, do your work and if you don’t need it ever again, you terminate it.

However, if you don’t want your instance to be terminated by someone accidentally, you can enable termination protection on your instance.

What Happens When You Enable Termination Protection on Your Instance?

By default, termination protection is disabled on your instance. And, you can delete/terminate your instance by any means. But, when you enable termination protection on your instance, you can not terminate it from console, CLI or API.

  • Each AWS EC2 instance has an attribute disableApiTermination, which is false by default. You can make it true to enable termination protection on your instance.
  • You can set the value of this attribute(disableApiTermination) at instance launch time, while it’s running or stopped.
  • After enabling this, your instance is not terminated from console, CLI or API. However, it can still be terminated from shutdown command from your instance if shutdown behavior is set to terminate.
  • Also, an Auto scaling scale in operation can terminate your instance even though termination protection is enabled on it
  • You can enable termination protection for both instance store-backed as well as EBS-backed instances.
  • You can’t enable termination protection for spot instances

Let’s get started !!

Steps to Enable Termination Protection on an EC2 Instance using AWS Console

  • Login to AWS Management Console and Open EC2
  • Select Instance to Enable Termination Protection
  • Enable Instance Termination Protection
  • Validate Termination Protection

1. Login to AWS Management console and Open EC2

Login to AWS Management Console . Search for ec2 in the search bar as shown in below screenshot. Once EC2 appears, click on that.

Switch to the region your EC2 instance is present. For example, my instance is in Ireland, therefore, I am switching to Ireland region.

2. Select Instance to Enable Termination Protection

Once you are in EC2 dashboard, search for your EC2 instance, select your instance and then click on Actions.

Click Instance settings and then click Change termination protection.

EC2 Instance -> Actions -> Instance settings -> Change termination protection

How to Enable Termination Protection on an EC2 Instance 2

3. Enable Instance Termination Protection

Once you click on Change termination protection, you see below screen where it shows current termination protection status.

How to Enable Termination Protection on an EC2 Instance 3

As we have not yet enabled termination protection, it is disabled as you can see in the screenshot.

Click the checkbox to enable termination protection as shown in below screenshot and click Save.

How to Enable Termination Protection on an EC2 Instance 4

After you click save, termination protections gets enabled on your instance. You can either verify that attribute in console or you can validate it by trying to terminate the instance.

4. Validate Termination Protection

Select your instance, click Instance state and then click Terminate instance to terminate your instance.

How to Enable Termination Protection on an EC2 Instance 4

You will get a dialog box asking “Are you sure you want to terminate these instances?”

Click on Terminate

And here you go…

You will see an error like below and your instance is not terminated.

How to Enable Termination Protection on an EC2 Instance 6

Which proves that your instance is protected against accidental deletion/termination now.

How to Enable Termination Protection on an EC2 Instance using AWS CLI

If you quickly wants to access AWS CLI, you can check my previous tutorial on AWS CloudShell to get started with CLI in minute. However if you prefer CLI in your local system free free to check “how to install and configure CLI“.

Once you have CLI ready, we can get started.

The CLI command to enable termination protection is below.

aws ec2 modify-instance-attribute --disable-api-termination --instance-id INSTANCE_ID

Replace INSTANCE_ID with your instance Id, and this is how it looks like-

aws ec2 modify-instance-attribute --disable-api-termination --instance-id i-0150e24b7b1c22c95

Use above command and hit enter.

It doesn’t gives any output. So, let’s check the status of disableApiTermination attribute by below command

aws ec2 describe-instance-attribute --instance-id i-0150e24b7b1c22c95 --attribute disableApiTermination

And, as you can see in below screenshot, it shows that value of this attribute is true. That means we have successfully enabled termination protection on our instance.

Note: If you want to enable termination protection on more then one instance at a time, specify all the instance Id separated by space and it will work fine.

for example-

aws ec2 modify-instance-attribute --disable-api-termination --instance-id id1 id2 id3

How to Terminate an EC2 instance on Which Termination Protection is Enabled?

Well, if you have got an EC2 instance on which termination protection is enabled. As obvious as it sounds, you need to disable the termination protection first. After that, you can terminate your EC2 instance successfully.

Using Console:

Navigate to path EC2 Instance -> Actions -> Instance settings -> Change termination protection and disable termination protection.

Using CLI:

aws ec2 modify-instance-attribute --no-disable-api-termination --instance-id INSTANCEID

Once you have disabled terminate protection, you can terminate your EC2 instance fine.

Conclusion

In this post, we learnt how to enable termination protection on an EC2 instance. We also learnt that by enabling this feature, we make sure that our instance is not terminated accidentally by someone from console, CLI or API.

After, we enabled this setting, we tried terminating the instance using console and we saw the error that the instance can’t be terminated and we must modify disableApiTermination attribute, make it to false and try again.

We also saw set of CLI commands to enable termination protection, verify it and then disable termination protection using CLI.

Hope this was helpful to you. Please leave a comment to let me know how the post can be improved.

Enjoyed the content?

Subscribe to our newsletter below to get awesome AWS learning materials delivered straight to your inbox.

If you liked reading my post, you can motivate me by-

Suggested Read:

2 thoughts on “How to Enable Termination Protection on an EC2 Instance

Leave a Reply

Your email address will not be published. Required fields are marked *