RDS Instance Retention Period Not Recommended
- Query id: dc158941-28ce-481d-a7fa-dc80761edf46
- Query name: RDS Instance Retention Period Not Recommended
- Platform: Terraform
- Severity: Medium
- Category: Observability
- URL: Github
Description
RDS Instance SQL Retention Period should be greater than 180
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# sql_collector_status and sql_collector_config_value are both absent
resource "alicloud_db_instance" "default" {
  engine = "MySQL"
  engine_version = "5.6"
  db_instance_class = "rds.mysql.t1.small"
  db_instance_storage = "10"
  parameters = [{
    name = "innodb_large_prefix"
    value = "ON"
  },{
    name = "connect_timeout"
    value = "50"
  },{
    name = "log_connections"
    value = "ON"
  }]
}
Positive test num. 2 - tf file
# sql_collector_status is set to "Disabled"
resource "alicloud_db_instance" "default" {
  engine = "MySQL"
  engine_version = "5.6"
  db_instance_class = "rds.mysql.t1.small"
  db_instance_storage = "10"
  sql_collector_status = "Disabled"
  parameters = [{
    name = "innodb_large_prefix"
    value = "ON"
  },{
    name = "connect_timeout"
    value = "50"
  },{
    name = "log_connections"
    value = "ON"
  }]
}
Positive test num. 3 - tf file
# sql_collector_status is "Enabled" but sql_collector_config_value is absent
resource "alicloud_db_instance" "default" {
  engine = "MySQL"
  engine_version = "5.6"
  db_instance_class = "rds.mysql.t1.small"
  db_instance_storage = "10"
  sql_collector_status = "Enabled"
  parameters = [{
    name = "innodb_large_prefix"
    value = "ON"
  },{
    name = "connect_timeout"
    value = "50"
  },{
    name = "log_connections"
    value = "ON"
  }]
}
Positive test num. 4 - tf file
# sql_collector_config_value is 30, below the 180 named in the description
resource "alicloud_db_instance" "default" {
  engine = "MySQL"
  engine_version = "5.6"
  db_instance_class = "rds.mysql.t1.small"
  db_instance_storage = "10"
  sql_collector_status = "Enabled"
  sql_collector_config_value = 30
  parameters = [{
    name = "innodb_large_prefix"
    value = "ON"
  },{
    name = "connect_timeout"
    value = "50"
  },{
    name = "log_connections"
    value = "ON"
  }]
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# sql_collector_status is "Enabled" and sql_collector_config_value is 180
resource "alicloud_db_instance" "default" {
  engine = "MySQL"
  engine_version = "5.6"
  db_instance_class = "rds.mysql.t1.small"
  db_instance_storage = "10"
  sql_collector_status = "Enabled"
  sql_collector_config_value = 180
  parameters = [{
    name = "innodb_large_prefix"
    value = "ON"
  },{
    name = "connect_timeout"
    value = "50"
  },{
    name = "log_connections"
    value = "ON"
  }]
}
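An added example, not part of the KICS query or of this page's samples: a small Python check that reproduces the four flagged cases above on flat alicloud_db_instance blocks. The function names, the regex-based attribute extraction and the sample resources are assumptions made for illustration; the threshold follows the negative sample, where a value of 180 passes.

```python
import re

MIN_RETENTION = 180  # threshold taken from the rule description
# Assumes each resource's closing brace sits alone on its line, as in the
# page's samples; this is a sketch for flat attributes, not an HCL parser.
RESOURCE_RE = re.compile(
    r'resource\s+"alicloud_db_instance"\s+"([^"]+)"\s*\{(.*?)^\}\s*$', re.S | re.M)

def _attr(body, key):
    """Return the literal value of a `key = value` line, or None if absent."""
    m = re.search(rf'^\s*{key}\s*=\s*"?([^"\s#]+)', body, re.M)
    return m.group(1) if m else None

def check_retention(tf_text):
    """Return (resource_name, issue) for each instance the rule would flag."""
    findings = []
    for name, body in RESOURCE_RE.findall(tf_text):
        status = _attr(body, "sql_collector_status")
        value = _attr(body, "sql_collector_config_value")
        if status is None:
            findings.append((name, "sql_collector_status is not defined"))
        elif status != "Enabled":
            findings.append((name, f"sql_collector_status is {status}"))
        elif value is None:
            findings.append((name, "sql_collector_config_value is not defined"))
        elif value.isdigit() and int(value) < MIN_RETENTION:  # skip var refs
            findings.append((name, f"retention {value} is below {MIN_RETENTION}"))
    return findings

# Constructed sample: the four flagged cases from this page plus a passing one.
SAMPLE = '''
resource "alicloud_db_instance" "no_status" {
  engine = "MySQL"
}
resource "alicloud_db_instance" "disabled" {
  sql_collector_status = "Disabled"
}
resource "alicloud_db_instance" "no_value" {
  sql_collector_status = "Enabled"
}
resource "alicloud_db_instance" "short" {
  sql_collector_status = "Enabled"
  sql_collector_config_value = 30
}
resource "alicloud_db_instance" "ok" {
  sql_collector_status = "Enabled"
  sql_collector_config_value = 180
}
'''
```

Calling check_retention(SAMPLE) returns one finding for each of the first four resources and none for "ok"; values given as variable references are skipped because they cannot be resolved from the file text.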