Tags Not Copied to RDS Cluster Snapshot
- Query id: 6d3dead4-c6b2-4db7-81bd-3a83eae8f255
- Query name: Tags Not Copied to RDS Cluster Snapshot
- Platform: Terraform
- Severity: Low
- Category: Backup
- CWE: 284
- Risk score: 1.0
- URL: Github
Description
Tags of the RDS Cluster should be copied to the respective snapshots to ensure that snapshots retain important metadata for identification, cost allocation, and resource management.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_rds_cluster" "example" {
  engine                = "aurora-mysql"
  cluster_identifier    = "my-rds-cluster"
  master_username       = "admin"
  master_password       = "YourSecretPassword"
  skip_final_snapshot   = true
  copy_tags_to_snapshot = false
}
Positive test num. 2 - tf file
resource "aws_rds_cluster" "example" {
  engine              = "aurora-mysql"
  cluster_identifier  = "my-rds-cluster"
  master_username     = "admin"
  master_password     = "YourSecretPassword"
  skip_final_snapshot = true
}
Positive test num. 3 - tf file
resource "aws_db_instance" "example" {
  allocated_storage     = 20
  engine                = "mysql"
  engine_version        = "8.0"
  instance_class        = "db.t3.micro"
  identifier            = "my-rds-instance"
  username              = "admin"
  password              = "YourSecretPassword"
  skip_final_snapshot   = true
  copy_tags_to_snapshot = false
}
Positive test num. 4 - tf file
Positive test num. 5 - tf file
Positive test num. 6 - tf file
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_rds_cluster" "example" {
  engine                = "aurora-mysql"
  cluster_identifier    = "my-rds-cluster"
  master_username       = "admin"
  master_password       = "YourSecretPassword"
  skip_final_snapshot   = true
  copy_tags_to_snapshot = true
}
Negative test num. 2 - tf file
resource "aws_db_instance" "example" {
  allocated_storage     = 20
  engine                = "mysql"
  engine_version        = "8.0"
  instance_class        = "db.t3.micro"
  identifier            = "my-rds-instance"
  username              = "admin"
  password              = "YourSecretPassword"
  skip_final_snapshot   = true
  copy_tags_to_snapshot = true
}