CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00143
- creditSnyk Research Team
Description
RDS automated backups are enabled by setting the backup retention period to a positive nonzero value. Backups should not be retained longer than is strictly necessary. When retention is properly configured, malicious individuals will be unable to retrieve data when it is no longer needed.
How to fix?
Ensure that the aws_db_instance or aws_rds_cluster backup_retention_period attribute is set to a nonzero value.
Example configuration:
resource "aws_db_instance" "example" {
backup_retention_period = 5
# other required fields here
}
resource "aws_rds_cluster" "example" {
backup_retention_period = 3
# other required fields here
}
Ensure that the AWS::RDS::DBInstance or AWS::RDS::DBCluster BackupRetentionPeriod property is set to a nonzero value.
Example configuration:
Type: AWS::RDS::DBInstance
Properties:
BackupRetentionPeriod: 5
# other required properties
Type: AWS::RDS::DBCluster
Properties:
BackupRetentionPeriod: 3
# other required properties