RDS automatic backup is disabled
Affecting RDS service in AWS


Severity

medium

Severity Framework: Snyk CCSS
Rule category: General / Backup

Frameworks: AWS-Well-Architected, CIS-Controls, CSA-CCM, GDPR, HIPAA, ISO-27001, PCI-DSS, SOC-2
Snyk ID: SNYK-CC-00143
Credit: Snyk Research Team

Description

RDS automated backups are enabled by setting the backup retention period to a value greater than zero. Backups should not be retained longer than is strictly necessary. When retention is properly configured, malicious individuals will be unable to retrieve data that is no longer needed.

How to fix?

Ensure that the aws_db_instance or aws_rds_cluster backup_retention_period attribute is set to a nonzero value.

Example Configuration

resource "aws_db_instance" "example" {
  # Retention in days; 0 disables automated backups
  backup_retention_period = 5
  # other required fields here
}

resource "aws_rds_cluster" "example" {
  # Retention in days
  backup_retention_period = 3
  # other required fields here
}
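
One way to check this rule before apply, as an added example (not Snyk's own code): the script walks the planned_values section of `terraform show -json <planfile>` output, including nested modules, and reports aws_db_instance and aws_rds_cluster resources whose backup_retention_period is zero or absent. The sample plan is constructed, and max_days is a hypothetical policy ceiling covering the "no longer than strictly necessary" part of the description.

```python
import json

RDS_TYPES = {"aws_db_instance", "aws_rds_cluster"}

# Constructed sample in the layout of `terraform show -json <planfile>` (planned_values only).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_db_instance.orders", "type": "aws_db_instance",
     "values": {"backup_retention_period": 0}},
    {"address": "aws_rds_cluster.reports", "type": "aws_rds_cluster",
     "values": {"backup_retention_period": 3}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {}}
  ],
  "child_modules": [{"address": "module.legacy", "resources": [
    {"address": "module.legacy.aws_db_instance.archive", "type": "aws_db_instance",
     "values": {"backup_retention_period": 35}},
    {"address": "module.legacy.aws_db_instance.cache", "type": "aws_db_instance",
     "values": {"backup_retention_period": null}}
  ]}]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_backup_retention(plan, max_days=None):
    """Return (address, finding) pairs; max_days is a hypothetical policy ceiling."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") not in RDS_TYPES:
            continue
        days = res.get("values", {}).get("backup_retention_period")
        if days is None:
            findings.append((res["address"], "unset"))      # not pinned in the plan
        elif days == 0:
            findings.append((res["address"], "disabled"))   # the misconfiguration
        elif max_days is not None and days > max_days:
            findings.append((res["address"], "too_long"))   # exceeds assumed ceiling
    return findings

if __name__ == "__main__":
    for address, finding in check_backup_retention(SAMPLE_PLAN, max_days=14):
        print(f"{finding:9} {address}")
```

Treating an absent value as a finding is a choice made in this example so that resources relying on a provider or service default get reviewed.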