Description

Failure to configure retention backup period for Amazon FSx for Windows File Server increases the risk of data loss and makes it difficult to restore files in case of accidental deletion or corruption. It is recommended to configure a retention backup period to ensure data availability and facilitate disaster recovery.

How to fix?

Set the automatic_backup_retention_days attribute in aws_fsx_lustre_file_system resource to a nonzero value.

Example Configuration


data "aws_vpc" "selected" {
  filter {
    name   = "tag:Name"
    values = ["aws-controltower-VPC"]
  }
}

data "aws_subnet" "selected-1" {
  filter {
    name   = "tag:Name"
    values = ["aws-controltower-PrivateSubnet3A"]
  }
}

data "aws_subnet" "selected-2" {
  filter {
    name   = "tag:Name"
    values = ["aws-controltower-PrivateSubnet1A"]
  }
}

resource "aws_directory_service_directory" "rule-731" {
  name     = "corp.notexample.com"
  password = "SuperSecretPassw0rd"
  edition  = "Standard"
  type     = "MicrosoftAD"

  vpc_settings {
    vpc_id     = data.aws_vpc.selected.id
    subnet_ids = [data.aws_subnet.selected-1.id, data.aws_subnet.selected-2.id]
  }

}

resource "aws_fsx_windows_file_system" "valid-fsx-1" {
  active_directory_id             = aws_directory_service_directory.rule-731.id
  subnet_ids                      = [data.aws_subnet.selected-1.id]
  throughput_capacity             = 1024
  automatic_backup_retention_days = 15
  storage_capacity                = 1200
}

resource "aws_fsx_windows_file_system" "valid-fsx-2" {
  active_directory_id             = aws_directory_service_directory.rule-731.id
  subnet_ids                      = [data.aws_subnet.selected-1.id]
  throughput_capacity             = 1024
  automatic_backup_retention_days = 30
  storage_capacity                = 1200
}

The FSx for Windows File Server does not have retention backup period configured Affecting FSx service in AWS

Severity

Is your environment affected by this misconfiguration?

Description

How to fix?

Example Configuration

Terraform