🛡️ AWS 108: Adding a Safety Latch - Enabling EC2 Stop Protection

Source: Dev.to

Overview

In this tutorial we enable Stop Protection for the EC2 instance datacenter-ec2 in the us-east-1 region.
Stop Protection prevents an instance from being stopped via the AWS Management Console, CLI, or API until the protection is manually disabled. This adds a safety net against accidental shutdowns of critical workloads.

Enabling Stop Protection

1. Log in to the AWS Management Console and open the EC2 Dashboard.
2. Ensure the region is set to US East (N. Virginia) – us-east-1.
3. Click Instances (running).
4. Locate and select the instance named datacenter-ec2.
5. With the instance selected, click the Actions button → Instance settings → Change stop protection.
6. In the configuration screen, check the box Enable and click Save.

Verify Protection

1. While the instance remains selected, choose Instance state → Stop instance.
2. You should see a notification or error message indicating that stop protection is enabled and the instance cannot be stopped.

Success! The instance is now protected from accidental shutdowns.

Important Considerations

• Human‑error mitigation: Stop protection adds a deliberate two‑step process (disable protection → stop) to prevent accidental clicks.
• Operational stability: Ideal for “always‑on” resources such as databases, NAT instances, or any core application hub.
• Not a permanent lock: Administrators can still stop the instance after first disabling the protection.
• OS‑level shutdowns: The protection only blocks stops initiated via AWS tools. Running sudo shutdown now from within the instance will still shut it down.
• Maintenance windows: Remember to disable stop protection before scheduled maintenance or automated scripts that stop instances.

By enabling stop protection, you add an extra layer of operational safety, helping ensure that critical workloads remain available throughout the migration and beyond.