RDS Cluster With Backup Disabled
- Query id: e542bd46-58c4-4e0f-a52a-1fb4f9548e02
- Query name: RDS Cluster With Backup Disabled
- Platform: Terraform
- Severity: Medium
- Category: Backup
- CWE: 665
- URL: Github
Description
The backup retention period of an RDS cluster should be explicitly defined (backup_retention_period)
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_rds_cluster" "postgresql" {
  cluster_identifier      = "aurora-cluster-demo"
  engine                  = "aurora-postgresql"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
  preferred_backup_window = "07:00-09:00"
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_rds_cluster" "postgresql" {
  cluster_identifier      = "aurora-cluster-demo"
  engine                  = "aurora-postgresql"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
}
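The same check can be run against a plan before apply. The following is an added example, not the query's own code: it walks the "configuration" section of `terraform show -json` output and reports every aws_rds_cluster that does not define backup_retention_period. The function names, the sample plan and the extra rule that a literal 0 is also reported are assumptions of this example.

```python
# Constructed sample of the "configuration" section of `terraform show -json <planfile>`.
SAMPLE_PLAN = {"configuration": {"root_module": {
    "resources": [
        {"address": "aws_rds_cluster.no_retention", "mode": "managed",
         "type": "aws_rds_cluster",
         "expressions": {"preferred_backup_window": {"constant_value": "07:00-09:00"}}},
        {"address": "aws_rds_cluster.five_days", "mode": "managed",
         "type": "aws_rds_cluster",
         "expressions": {"backup_retention_period": {"constant_value": 5}}},
        {"address": "aws_rds_cluster.from_var", "mode": "managed",
         "type": "aws_rds_cluster",
         "expressions": {"backup_retention_period": {"references": ["var.retention"]}}},
    ],
    "module_calls": {"db": {"module": {"resources": [
        {"address": "aws_rds_cluster.zero", "mode": "managed",
         "type": "aws_rds_cluster",
         "expressions": {"backup_retention_period": {"constant_value": 0}}},
    ]}}},
}}}


def _rds_clusters(module, prefix=""):
    """Yield (full address, expressions) for each managed aws_rds_cluster,
    descending into child modules (their addresses are module-relative)."""
    for res in module.get("resources", []):
        if res.get("mode") == "managed" and res.get("type") == "aws_rds_cluster":
            yield prefix + res["address"], res.get("expressions", {})
    for name, call in module.get("module_calls", {}).items():
        yield from _rds_clusters(call.get("module", {}), f"{prefix}module.{name}.")


def clusters_without_backup(plan):
    """Return (address, reason) for clusters with no explicit retention period."""
    findings = []
    root = plan.get("configuration", {}).get("root_module", {})
    for address, expressions in _rds_clusters(root):
        retention = expressions.get("backup_retention_period")
        if retention is None:
            findings.append((address, "backup_retention_period is not defined"))
        elif retention.get("constant_value") == 0:
            # Assumption of this example: a literal 0 is treated as backups disabled.
            findings.append((address, "backup_retention_period is set to 0"))
        # A value taken from a variable or local is defined but not resolved here.
    return findings


if __name__ == "__main__":
    for address, reason in clusters_without_backup(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

To run it on a real plan, load the JSON written by `terraform show -json` with `json.load` and pass the resulting dict to `clusters_without_backup`.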