RDS Cluster With Backup Disabled

  • Query id: e542bd46-58c4-4e0f-a52a-1fb4f9548e02
  • Query name: RDS Cluster With Backup Disabled
  • Platform: Terraform
  • Severity: Medium
  • Category: Best Practices
  • URL: Github

Description

RDS Cluster backup retention period should be specifically defined.

Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_rds_cluster" "postgresql" {
  cluster_identifier      = "aurora-cluster-demo"
  engine                  = "aurora-postgresql"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
  preferred_backup_window = "07:00-09:00"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_rds_cluster" "postgresql" {
  cluster_identifier      = "aurora-cluster-demo"
  engine                  = "aurora-postgresql"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
}
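
The check described above can be sketched as a plain text scan over Terraform source. This is an added example, not the query's own implementation: the function names are hypothetical, the sample input is constructed from the two resources on this page, and reporting an explicit 0 is an assumption of the example. It is not a full HCL parser, so braces inside strings are not handled.

```python
import re

# Constructed sample: trimmed copies of the page's two resources, renamed to coexist.
SAMPLE_TF = '''
resource "aws_rds_cluster" "no_retention" {
  engine                  = "aurora-postgresql"
  preferred_backup_window = "07:00-09:00"
}
resource "aws_rds_cluster" "with_retention" {
  engine                  = "aurora-postgresql"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
}
'''

HEADER = re.compile(r'resource\s+"aws_rds_cluster"\s+"([^"]+)"\s*\{')
RETENTION = re.compile(r'^\s*backup_retention_period\s*=\s*(\S+)', re.MULTILINE)


def block_body(text, start):
    """Return the text from `start` (just past an opening brace) to its matching close."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces in resource block")


def find_clusters_without_retention(tf_source):
    """Return (resource_name, reason) for each aws_rds_cluster that fails the check."""
    findings = []
    for m in HEADER.finditer(tf_source):
        body = block_body(tf_source, m.end())
        setting = RETENTION.search(body)
        if setting is None:
            findings.append((m.group(1), "backup_retention_period is not defined"))
        elif setting.group(1) == "0":
            # Assumption of this example: an explicit 0 is also reported.
            findings.append((m.group(1), "backup_retention_period is 0"))
    return findings


if __name__ == "__main__":
    for name, reason in find_clusters_without_retention(SAMPLE_TF):
        print(f"aws_rds_cluster.{name}: {reason}")
```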