diff --git a/checks/cloud/aws/rds/enable_cluster_deletion_protection.rego b/checks/cloud/aws/rds/enable_cluster_deletion_protection.rego
index 496f4ddf..43344d1f 100644
--- a/checks/cloud/aws/rds/enable_cluster_deletion_protection.rego
+++ b/checks/cloud/aws/rds/enable_cluster_deletion_protection.rego
@@ -24,6 +24,7 @@ package builtin.aws.rds.aws0343
 
 deny[res] {
 	cluster := input.aws.rds.clusters[_]
+	isManaged(cluster.deletionprotection)
 	not cluster.deletionprotection.value
 	res := result.new("Cluster does not have Deletion Protection enabled", cluster.deletionprotection)
 }
diff --git a/checks/cloud/aws/rds/enable_cluster_deletion_protection_test.rego b/checks/cloud/aws/rds/enable_cluster_deletion_protection_test.rego
index 9fe551a0..0f3b4188 100644
--- a/checks/cloud/aws/rds/enable_cluster_deletion_protection_test.rego
+++ b/checks/cloud/aws/rds/enable_cluster_deletion_protection_test.rego
@@ -1,11 +1,17 @@
 package builtin.aws.rds.aws0343
 
-test_detects_when_disabled {
+test_deny_deletion_protection_disabled {
 	r := deny with input as {"aws": {"rds": {"clusters": [{"deletionprotection": {"value": false}}]}}}
 	count(r) == 1
 }
 
-test_when_enabled {
+test_allow_deletion_protection_enabled {
 	r := deny with input as {"aws": {"rds": {"clusters": [{"deletionprotection": {"value": true}}]}}}
 	count(r) == 0
 }
+
+# If there is no cluster for database instances, they are added to an empty cluster.
+test_allow_deletion_protection_disabled_but_instances_orphaned {
+	r := deny with input as {"aws": {"rds": {"clusters": [{"deletionprotection": {"__defsec_metadata": {"managed": false}, "value": false}}]}}}
+	count(r) == 0
+}
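Review bot: The new `isManaged(cluster.deletionprotection)` guard in `deny` has no comment explaining why an unmanaged attribute exempts a cluster from the check, and `isManaged` itself is not defined or imported anywhere in this hunk, so a reader of the rule cannot tell that it comes from a shared helper library (presumably it does; the hunk does not show where). The guard also narrows coverage: any real cluster whose `deletionprotection` attribute is reported as unmanaged will now be silently allowed rather than denied, so the intent should be spelled out next to the line. I would add above it `# Skip the synthetic cluster adapters create to hold orphaned instances; its deletionprotection attribute is unmanaged and not a real misconfiguration.` and, if `isManaged` treats missing metadata as managed, say so in that comment too.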
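Review bot: The test file now only pins the unmanaged case (`"managed": false`), while `test_deny_deletion_protection_disabled` sends no `__defsec_metadata` at all, so the deny path relies on whatever `isManaged` does when metadata is absent; if that default ever changes, the check could stop firing on real clusters without any test failing. A test with explicit `"managed": true` and `"value": false` would pin the deny path independently of that default. The comment on the new test (`# If there is no cluster for database instances, they are added to an empty cluster.`) would also read more clearly as `# Instances with no cluster are attached to a synthetic, unmanaged cluster; the check must not flag it.`
```rego
# … unchanged: existing tests …

test_deny_deletion_protection_disabled_explicitly_managed {
	r := deny with input as {"aws": {"rds": {"clusters": [{"deletionprotection": {"__defsec_metadata": {"managed": true}, "value": false}}]}}}
	count(r) == 1
}
```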