Ensure database retention is enabled for Amazon Relational Database Service (Amazon RDS) cluster

MEDIUM

Description

AWS RDS database instances do not have backup retention enabled. This may impact the availability of data and affect the disaster recovery plan.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the RDS Console.
  2. Under Databases, choose the cluster you wish to edit.
  3. Select Modify.
  4. Expand the Additional configuration section.
  5. Under Backup, set the Backup retention period to a value greater than 7 days.

In Terraform -

  1. In the aws_rds_cluster resource, set backup_retention_period to a value greater than 7 days.
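
An added example, not part of the original policy page or the rule's own implementation: a Python check that reads the JSON form of a Terraform plan (the output of `terraform show -json`) and lists every aws_rds_cluster whose planned backup_retention_period is not greater than 7 days. The sample plan is constructed, the function and constant names are hypothetical, and treating an omitted value as the provider default of 1 day is an assumption.

```python
MIN_EXCLUSIVE_DAYS = 7     # the remediation asks for a value greater than 7
PROVIDER_DEFAULT_DAYS = 1  # assumption: omitted argument falls back to 1 day


def find_short_retention(plan):
    """Return (address, effective_days) for each aws_rds_cluster that the plan
    would leave with backup_retention_period <= MIN_EXCLUSIVE_DAYS."""
    findings = []
    # resource_changes is flat, so resources inside modules are covered too.
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_rds_cluster":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        days = after.get("backup_retention_period")
        if days is None:   # not set (or unknown at plan time): assume default
            days = PROVIDER_DEFAULT_DAYS
        if int(days) <= MIN_EXCLUSIVE_DAYS:
            findings.append((rc["address"], int(days)))
    return findings


def _rc(address, rtype, after, actions=("create",)):
    """Build one constructed resource_changes entry for the sample plan."""
    return {"address": address, "type": rtype,
            "change": {"actions": list(actions), "after": after}}


# Constructed sample input: not taken from a real environment.
SAMPLE_PLAN = {"resource_changes": [
    _rc("aws_rds_cluster.legacy", "aws_rds_cluster", {"backup_retention_period": 1}),
    _rc("aws_rds_cluster.boundary", "aws_rds_cluster", {"backup_retention_period": 7}),
    _rc("aws_rds_cluster.compliant", "aws_rds_cluster", {"backup_retention_period": 14}),
    _rc("module.db.aws_rds_cluster.unset", "aws_rds_cluster", {"engine": "aurora-postgresql"}),
    _rc("aws_rds_cluster.retired", "aws_rds_cluster", None, actions=("delete",)),
    _rc("aws_db_instance.other", "aws_db_instance", {"backup_retention_period": 0}),
]}

if __name__ == "__main__":
    for address, days in find_short_retention(SAMPLE_PLAN):
        print(f"{address}: backup_retention_period={days}, "
              f"needs a value greater than {MIN_EXCLUSIVE_DAYS}")
```

A value of exactly 7 is reported because the remediation asks for more than 7 days, and a cluster that omits the argument is reported with its assumed default.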

References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.BackupRestore.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#backup_retention_period

Policy Details

Rule Reference ID: AC_AWS_0464
CSP: AWS
Remediation Available: Yes
Domain: Resilience
Resource: aws_rds_cluster
Resource Category: Database

Frameworks