Severity Framework
Snyk CCSS
Rule category
Data / Backup
- Snyk ID SNYK-CC-00731
- credit Snyk Research Team
Description
If no backup retention period is configured for Amazon FSx for Windows File Server, the risk of data loss increases and files are difficult to restore after accidental deletion or corruption. Configure a backup retention period to ensure data availability and facilitate disaster recovery.
How to fix?
Set the automatic_backup_retention_days attribute in the aws_fsx_windows_file_system resource to a nonzero value.
Example Configuration
# Look up the existing VPC and subnets by their Name tags.
data "aws_vpc" "selected" {
  filter {
    name   = "tag:Name"
    values = ["aws-controltower-VPC"]
  }
}

data "aws_subnet" "selected-1" {
  filter {
    name   = "tag:Name"
    values = ["aws-controltower-PrivateSubnet3A"]
  }
}

data "aws_subnet" "selected-2" {
  filter {
    name   = "tag:Name"
    values = ["aws-controltower-PrivateSubnet1A"]
  }
}

# Managed Microsoft AD directory that the file systems join.
resource "aws_directory_service_directory" "rule-731" {
  name     = "corp.notexample.com"
  # Example value only; do not commit a real directory password to Terraform source.
  password = "SuperSecretPassw0rd"
  edition  = "Standard"
  type     = "MicrosoftAD"

  vpc_settings {
    vpc_id     = data.aws_vpc.selected.id
    subnet_ids = [data.aws_subnet.selected-1.id, data.aws_subnet.selected-2.id]
  }
}

# Compliant: automatic backups are retained for 15 days.
resource "aws_fsx_windows_file_system" "valid-fsx-1" {
  active_directory_id             = aws_directory_service_directory.rule-731.id
  subnet_ids                      = [data.aws_subnet.selected-1.id]
  throughput_capacity             = 1024
  automatic_backup_retention_days = 15
  storage_capacity                = 1200
}

# Compliant: automatic backups are retained for 30 days.
resource "aws_fsx_windows_file_system" "valid-fsx-2" {
  active_directory_id             = aws_directory_service_directory.rule-731.id
  subnet_ids                      = [data.aws_subnet.selected-1.id]
  throughput_capacity             = 1024
  automatic_backup_retention_days = 30
  storage_capacity                = 1200
}
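
The same condition can be checked before apply by inspecting the JSON that `terraform show -json` produces for a saved plan. The script below is an added example, not Snyk's rule implementation; the function names, the `min_days` threshold and the sample plan (including the `no-backups` and `module.files` resources) are constructed for illustration.

```python
import json
import sys
from pathlib import Path

RESOURCE_TYPE = "aws_fsx_windows_file_system"
ATTRIBUTE = "automatic_backup_retention_days"

# Constructed sample in the shape of `terraform show -json tfplan` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_fsx_windows_file_system.valid-fsx-1",
         "type": RESOURCE_TYPE, "values": {ATTRIBUTE: 15}},
        {"address": "aws_fsx_windows_file_system.no-backups",
         "type": RESOURCE_TYPE, "values": {ATTRIBUTE: 0}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {}},
    ],
    "child_modules": [{
        "resources": [
            {"address": "module.files.aws_fsx_windows_file_system.share",
             "type": RESOURCE_TYPE, "values": {ATTRIBUTE: None}},
        ],
    }],
}}}

def iter_resources(module):
    """Yield the resources of a module and, recursively, of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_missing_retention(plan, min_days=1):
    """Return (address, days) for file systems retaining fewer than min_days."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        days = (res.get("values") or {}).get(ATTRIBUTE)
        # None means the plan carries no concrete value; report it as well so
        # a reviewer confirms the effective setting instead of assuming it.
        if days is None or days < min_days:
            findings.append((res["address"], days))
    return findings

if __name__ == "__main__":
    # Optional argument: a file saved from `terraform show -json tfplan`.
    plan = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, days in find_missing_retention(plan):
        print(f"{address}: {ATTRIBUTE} = {days}")
```

Raising `min_days` turns the check into a retention-policy gate, for example flagging anything retained for fewer than 30 days.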