RDS With Backup Disabled

  • Query id: e69890e6-fce5-461d-98ad-cb98318dfc96
  • Query name: RDS With Backup Disabled
  • Platform: Ansible
  • Severity: Medium
  • Category: Backup
  • CWE: 754
  • URL: Github

Description

Make sure the AWS RDS configuration has automatic backups configured. If the backup retention period is equal to 0, there is no backup.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: create minimal aurora instance in default VPC and default subnet group
  community.aws.rds_instance:
    engine: aurora
    db_instance_identifier: ansible-test-aurora-db-instance
    instance_type: db.t2.small
    password: "{{ password }}"
    username: "{{ username }}"
    cluster_id: ansible-test-cluster  # This cluster must exist - see rds_cluster to manage it
    backup_retention_period: 0

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: create minimal aurora instance in default VPC and default subnet group
  community.aws.rds_instance:
    engine: aurora
    db_instance_identifier: ansible-test-aurora-db-instance
    instance_type: db.t2.small
    password: '{{ password }}'
    username: '{{ username }}'
    cluster_id: ansible-test-cluster  # This cluster must exist - see rds_cluster to manage it
    backup_retention_period: 5
- name: create minimal aurora instance in default VPC and default subnet group2
  community.aws.rds_instance:
    engine: aurora
    db_instance_identifier: ansible-test-aurora-db-instance
    instance_type: db.t2.small
    password: '{{ password }}'
    username: '{{ username }}'
    cluster_id: ansible-test-cluster  # This cluster must exist - see rds_cluster to manage it
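
The rule above can be reproduced as a static check over parsed Ansible tasks. This is an added example, not the query's own implementation or code from the original page. The function names, the constructed sample tasks, the extra module names `amazon.aws.rds_instance` and `rds_instance`, and the handling of `block` sections and templated values are assumptions that go beyond the samples shown here.

```python
# Added example: static check for the rule above, run on parsed Ansible tasks.
# Module names other than community.aws.rds_instance are assumptions, not from the page.
RDS_MODULES = {"community.aws.rds_instance", "amazon.aws.rds_instance", "rds_instance"}
NESTED_KEYS = ("block", "rescue", "always")


def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        yield task
        for key in NESTED_KEYS:
            yield from iter_tasks(task.get(key))


def check_backup_retention(tasks):
    """Return (task name, status) for RDS tasks that need attention.

    status is "disabled" when backup_retention_period is 0 and "templated"
    when the value is a Jinja expression that cannot be resolved statically.
    Tasks that omit the key are not reported, matching the page's negative test.
    """
    findings = []
    for task in iter_tasks(tasks):
        for module in task.keys() & RDS_MODULES:
            args = task[module]
            if not isinstance(args, dict) or "backup_retention_period" not in args:
                continue
            value = args["backup_retention_period"]
            name = task.get("name", "<unnamed>")
            if isinstance(value, str) and "{{" in value:
                findings.append((name, "templated"))
            elif str(value).strip() == "0":
                findings.append((name, "disabled"))
    return findings


# Constructed sample: the structure a YAML loader returns for a playbook's tasks.
SAMPLE_TASKS = [
    {"name": "no backups", "community.aws.rds_instance": {"engine": "aurora", "backup_retention_period": 0}},
    {"name": "five days", "community.aws.rds_instance": {"engine": "aurora", "backup_retention_period": 5}},
    {"name": "key omitted", "community.aws.rds_instance": {"engine": "aurora"}},
    {"name": "wrapper", "block": [
        {"name": "quoted zero", "amazon.aws.rds_instance": {"backup_retention_period": "0"}},
        {"name": "from variable", "rds_instance": {"backup_retention_period": "{{ retention }}"}},
    ]},
]

if __name__ == "__main__":
    for name, status in check_backup_retention(SAMPLE_TASKS):
        print(f"{status}: {name}")
```

A "templated" result means the retention period comes from a variable, so the value has to be reviewed where that variable is defined.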