Ensure backtracking is enabled for Amazon Relational Database Service (Amazon RDS) cluster

MEDIUM

Description

Amazon Aurora MySQL database clusters have backtracking disabled. Backtracking allows you to revert the DB cluster to a specific point in time, in case of failure.

Remediation

In AWS Console -

Sign in to the AWS Console and go to the Amazon RDS console.
Select Databases.
Select the cluster that you want to modify, and select Modify.
For Target Backtrack window, set it to 24 hours.

In Terraform -

In the aws_rds_cluster resource, set 'backtrack_window' to '86400' (as it is 24 hours in seconds).

References:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#backtrack_window

Policy Details

Rule Reference ID: AC_AWS_0190

CSP: AWS

Remediation Available: Yes

Domain: Compliance Validation

Resource: aws_rds_cluster

Resource Category: Database

Resource Type: Relational Database Service (RDS)

Frameworks

GDPR
NIST-800-171
NIST-800-53
NIST-CSF
HIPAA

Detections

Analytics