MEDIUM
Source
Trivy
ID
AVD-AWS-0077

RDS Cluster and RDS instance should have backup retention longer than default 1 day

RDS backup retention for clusters and instances defaults to 1 day, which may not be long enough to identify and respond to an issue before the only automated backup is overwritten. Backup retention periods should be set to a period that balances storage cost against the risk of having no usable restore point.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Explicitly set the retention period to a value greater than the default (CloudFormation)

Resources:
  GoodExample:
    Type: AWS::RDS::DBInstance
    Properties:
      # 30 days of automated backups; omitting this property leaves the AWS default of 1 day
      BackupRetentionPeriod: 30

Explicitly set the retention period to a value greater than the default (Terraform)

resource "aws_rds_cluster" "good_example" {
  cluster_identifier      = "aurora-cluster-demo"
  engine                  = "aurora-mysql"
  engine_version          = "5.7.mysql_aurora.2.03.2"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
  # Keep automated backups for 5 days instead of the 1-day default
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
}
resource "aws_db_instance" "good_example" {
  allocated_storage       = 10
  engine                  = "mysql"
  engine_version          = "5.7"
  instance_class          = "db.t3.micro"
  # `name` was renamed `db_name` in AWS provider v4; use whichever your provider version accepts
  name                    = "mydb"
  username                = "foo"
  password                = "foobarbaz"
  parameter_group_name    = "default.mysql5.7"
  # Keep automated backups for 5 days instead of the 1-day default
  backup_retention_period = 5
  skip_final_snapshot     = true
}
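The following Python is an added illustration of the rule this check applies, not Trivy's own implementation (Trivy's checks are written in Rego). It walks a CloudFormation template supplied as JSON, treats a missing BackupRetentionPeriod as the AWS default of 1 day, and reports each AWS::RDS::DBInstance or AWS::RDS::DBCluster as FAIL (retention at or below 1 day), PASS (longer), or UNKNOWN (the value is a Ref or Fn:: intrinsic that cannot be resolved without deploying). The sample template, its logical IDs and the helper names are constructed for this example.

```python
import json
from typing import Any, Dict, List, Optional

# Resource types AVD-AWS-0077 applies to.
RDS_TYPES = {"AWS::RDS::DBInstance", "AWS::RDS::DBCluster"}
# AWS applies this retention when BackupRetentionPeriod is omitted.
DEFAULT_RETENTION_DAYS = 1


def resolve_retention(properties: Dict[str, Any]) -> Optional[int]:
    """Return the effective retention in days, or None when the value is an
    intrinsic (Ref, Fn::*) or otherwise not a plain integer."""
    raw = properties.get("BackupRetentionPeriod", DEFAULT_RETENTION_DAYS)
    # bool is a subclass of int, so exclude it explicitly; dicts are intrinsics.
    if isinstance(raw, bool) or not isinstance(raw, (int, str)):
        return None
    try:
        return int(raw)
    except ValueError:
        return None


def check_template(template_json: str) -> List[Dict[str, Any]]:
    """Evaluate every RDS instance/cluster in a JSON CloudFormation template."""
    template = json.loads(template_json)
    findings: List[Dict[str, Any]] = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") not in RDS_TYPES:
            continue  # out of scope for this check
        days = resolve_retention(resource.get("Properties") or {})
        if days is None:
            status = "UNKNOWN"
        elif days > DEFAULT_RETENTION_DAYS:
            status = "PASS"
        else:
            status = "FAIL"
        findings.append({"resource": logical_id, "type": resource["Type"],
                         "days": days, "status": status})
    return findings


def failing_resources(findings: List[Dict[str, Any]]) -> List[str]:
    """Logical IDs that keep only the 1-day default (or less)."""
    return sorted(f["resource"] for f in findings if f["status"] == "FAIL")


# Constructed sample template (not from the AVD page) mixing passing, failing,
# unresolvable and out-of-scope resources.
SAMPLE_TEMPLATE = json.dumps({
    "Parameters": {"RetentionDays": {"Type": "Number", "Default": 7}},
    "Resources": {
        # No BackupRetentionPeriod at all: AWS default of 1 day applies.
        "LegacyDb": {"Type": "AWS::RDS::DBInstance",
                     "Properties": {"Engine": "mysql", "DBInstanceClass": "db.t3.micro"}},
        # Explicitly set, but still only the default.
        "OneDayCluster": {"Type": "AWS::RDS::DBCluster",
                          "Properties": {"Engine": "aurora-mysql", "BackupRetentionPeriod": 1}},
        "GoodExample": {"Type": "AWS::RDS::DBInstance",
                        "Properties": {"Engine": "mysql", "BackupRetentionPeriod": 30}},
        # Value comes from a parameter: cannot be judged statically.
        "ParamDb": {"Type": "AWS::RDS::DBInstance",
                    "Properties": {"Engine": "postgres",
                                   "BackupRetentionPeriod": {"Ref": "RetentionDays"}}},
        "Logs": {"Type": "AWS::S3::Bucket"},
    },
})

if __name__ == "__main__":
    for f in check_template(SAMPLE_TEMPLATE):
        print(f"{f['status']:7} {f['resource']:14} {f['type']:24} retention={f['days']}")
```

The UNKNOWN status matters in practice: a parameterised retention is only as good as the value supplied at deploy time, so such resources should be confirmed against the deployed instance (the BackupRetentionPeriod field returned by aws rds describe-db-instances / describe-db-clusters) rather than assumed to pass.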