Severity: MEDIUM
Source: Trivy
ID: AVD-AWS-0077

RDS Cluster and RDS instance should have backup retention longer than default 1 day

RDS backup retention for clusters defaults to 1 day, which may not be enough time to identify and respond to an issue. Backup retention periods should be set to a period that balances cost against the risk of being unable to recover.

Impact

Potential loss of data and a short window for recovery.

Follow the appropriate remediation steps below to resolve the issue.

Explicitly set the retention period to greater than the default

AWSTemplateFormatVersion: 2010-09-09
Description: Good example
Resources:
  Queue:
    Type: AWS::RDS::DBInstance
    Properties:
      # Days of automated backups to keep; omitting this leaves the AWS default of 1
      BackupRetentionPeriod: 30
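The check above can be reproduced statically against a CloudFormation template. The following script is an added example and not Trivy's own implementation: it walks the `Resources` map of a JSON-format template, finds `AWS::RDS::DBInstance` and `AWS::RDS::DBCluster` resources, and applies the same rule as the finding, with the edge cases a practitioner runs into: a missing property means the AWS default of 1 day, a value of `0` means automated backups are disabled entirely, an intrinsic function such as `Ref` cannot be resolved without a parameter value, and an instance that carries `DBClusterIdentifier` inherits retention from its cluster, so it is skipped rather than flagged. The sample template and resource names are constructed for the example.

```python
import json

# Resource types whose BackupRetentionPeriod this check inspects.
RDS_TYPES = {"AWS::RDS::DBInstance", "AWS::RDS::DBCluster"}
DEFAULT_RETENTION_DAYS = 1  # AWS default when the property is omitted


def retention_findings(template: dict, minimum_days: int = 2) -> list:
    """Return one finding per RDS resource whose effective retention is below minimum_days.

    Effective retention is derived as follows:
      * property absent                      -> AWS default of 1 day
      * 0                                    -> automated backups disabled
      * intrinsic function (a dict, e.g. Ref) -> not resolvable statically, reported as unknown
      * DBInstance with DBClusterIdentifier  -> retention belongs to the cluster, skipped
    """
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type")
        if rtype not in RDS_TYPES:
            continue
        props = resource.get("Properties") or {}
        if rtype == "AWS::RDS::DBInstance" and "DBClusterIdentifier" in props:
            continue  # Aurora member: the cluster resource owns the retention setting
        value = props.get("BackupRetentionPeriod", DEFAULT_RETENTION_DAYS)
        if isinstance(value, dict):
            findings.append({"resource": logical_id, "type": rtype, "days": None,
                             "reason": "BackupRetentionPeriod is an unresolved intrinsic function"})
            continue
        try:
            days = int(value)
        except (TypeError, ValueError):
            findings.append({"resource": logical_id, "type": rtype, "days": None,
                             "reason": f"BackupRetentionPeriod {value!r} is not an integer"})
            continue
        if days == 0:
            reason = "automated backups are disabled (retention 0)"
        elif days < minimum_days:
            reason = f"retention of {days} day(s) is below the required {minimum_days}"
        else:
            continue
        findings.append({"resource": logical_id, "type": rtype, "days": days, "reason": reason})
    return findings


# Constructed sample template covering the good case and each failure mode.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "GoodInstance":     {"Type": "AWS::RDS::DBInstance", "Properties": {"BackupRetentionPeriod": 30}},
    "DefaultInstance":  {"Type": "AWS::RDS::DBInstance", "Properties": {"DBInstanceClass": "db.t3.micro"}},
    "DisabledInstance": {"Type": "AWS::RDS::DBInstance", "Properties": {"BackupRetentionPeriod": 0}},
    "AuroraMember":     {"Type": "AWS::RDS::DBInstance", "Properties": {"DBClusterIdentifier": {"Ref": "ShortCluster"}}},
    "ParamInstance":    {"Type": "AWS::RDS::DBInstance", "Properties": {"BackupRetentionPeriod": {"Ref": "RetentionDays"}}},
    "ShortCluster":     {"Type": "AWS::RDS::DBCluster",  "Properties": {"BackupRetentionPeriod": 7}},
    "UnrelatedBucket":  {"Type": "AWS::S3::Bucket"}
  }
}
""")

if __name__ == "__main__":
    for finding in retention_findings(SAMPLE_TEMPLATE):
        print(f"{finding['type']} {finding['resource']}: {finding['reason']}")
```

Raising `minimum_days` to the retention your recovery objectives actually require (the page's own examples use 5 and 30) turns the same function into an organisation-specific policy check; intrinsic-function findings should be resolved by evaluating the template with its real parameter values rather than suppressed.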


Explicitly set the retention period to greater than the default

resource "aws_rds_cluster" "good_example" {
  cluster_identifier      = "aurora-cluster-demo"
  engine                  = "aurora-mysql"
  engine_version          = "5.7.mysql_aurora.2.03.2"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
  # Days of automated backups to keep; omitting this leaves the AWS default of 1
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
}

resource "aws_db_instance" "good_example" {
  allocated_storage       = 10
  engine                  = "mysql"
  engine_version          = "5.7"
  instance_class          = "db.t3.micro"
  # "name" is the pre-v4 attribute; on AWS provider v4+ use "db_name" instead
  name                    = "mydb"
  username                = "foo"
  password                = "foobarbaz"
  parameter_group_name    = "default.mysql5.7"
  # Days of automated backups to keep; omitting this leaves the AWS default of 1
  backup_retention_period = 5
  skip_final_snapshot     = true
}