Ensure copy tags to snapshots feature is enabled for Amazon Relational Database Service (Amazon RDS) clusters

LOW

Description

AWS RDS instances have copy tags to snapshots feature disabled which may not allow you to add metadata and apply access policies to your AWS RDS resources.

Remediation

In AWS Console -

Sign in to the AWS Console and open the RDS Console.
Under Databases, choose the cluster you wish to edit.
Select Modify.
Under Additional Configuration, in the Backup section, check the box for Copy tags to snapshots.

In Terraform -

In the aws_rds_cluster resource, set 'copy_tags_to_snapshot' to 'true'.

References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.BackupRestore.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#copy_tags_to_snapshot

Policy Details

Rule Reference ID: AC_AWS_0187

CSP: AWS

Remediation Available: Yes

Domain: Compliance Validation

Resource: aws_rds_cluster

Resource Category: Database

Resource Type: Relational Database Service (RDS)

Frameworks

GDPR
NIST-800-171
NIST-800-53
NIST-CSF
HIPAA