Ensure backup retention period is set according to best practice for AWS DocumentDB clusters

MEDIUM

Description

DocumentDB cluster backup retention period if not set can impact the availability of the data.

Remediation

In AWS Console -

Sign in to AWS Console and go to DocumentDB dashboard.
Select Clusters in the navigation pane.
Select the AWS DocumentDB cluster to examine,and view the Cluster identifier column.
Verify the 'automated backups' configuration value to check if it is set to 7 days.

In Terraform -

In the aws_docdb_cluster resource, set the backup_retention_period field to a value greater than or equal to 7 days.

References:
https://docs.aws.amazon.com/documentdb/latest/developerguide/backup_restore.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster

Policy Details

Rule Reference ID: AC_AWS_0072

CSP: AWS

Remediation Available: Yes

Domain: Data Protection

Resource: aws_docdb_cluster

Resource Category: Database

Resource Type: DocDB

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
ISO-27001