Amazon_RDS_18
Ensure that your RDS database instances have a minimum backup retention period set in order to meet compliance requirements. A minimum (default) retention period of 7 (seven) days is recommended, but you can adjust the minimumRetentionPeriod parameter value to narrow or extend the default retention period (AWS RDS allows a maximum retention period of thirty-five days).
From Portal:
Configure your RDS backup retention policy to be at least 7 days.
1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.
2. In the navigation pane, choose Databases, and then choose the DB instance that you want to modify.
3. Choose Modify.
4. In the ‘Backup’ section:
a. From the ‘Backup Retention Period’ options, set the retention period to at least 7 days.
b. Select ‘Start Time’ and ‘Duration’ in ‘Backup window’, which is the daily time range (in UTC) during which automated backups will be performed.
5. Click ‘Continue’.
6. On the confirmation page, select ‘Modify DB Instance’ to save your changes.
From TF:
resource "aws_db_instance" "default" {
  allocated_storage       = 10
  engine                  = "mysql"
  engine_version          = "5.7"
  instance_class          = "db.t3.micro"
  name                    = "mydb"
  username                = "foo"
  password                = "foobarbaz"
  parameter_group_name    = "default.mysql5.7"
  skip_final_snapshot     = true
  # Line to add for this rule: the number should be 7 or more
  backup_retention_period = 7
}
From Command Line:
aws rds modify-db-instance --region REGION --db-instance-identifier DBINSTANCE --backup-retention-period 7 --apply-immediately
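To find which instances need the command above, the following added example (not part of the original rule text) checks the JSON output of `aws rds describe-db-instances --output json` against the minimum retention period and builds the matching modify-db-instance command for each finding. The instance names, the sample JSON and the us-east-1 region are constructed for illustration; a BackupRetentionPeriod of 0 means automated backups are disabled.

```python
import json
import shlex

MIN_RETENTION_DAYS = 7    # default minimumRetentionPeriod for this rule
MAX_RETENTION_DAYS = 35   # upper limit RDS allows

# Constructed sample, shaped like `aws rds describe-db-instances --output json`.
SAMPLE = json.dumps({"DBInstances": [
    {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 14},
    {"DBInstanceIdentifier": "orders-dev", "BackupRetentionPeriod": 1},
    {"DBInstanceIdentifier": "legacy-report", "BackupRetentionPeriod": 0},
    {"DBInstanceIdentifier": "no-field"},  # field absent: treated as 0 days
]})


def find_noncompliant(describe_json, minimum=MIN_RETENTION_DAYS):
    """Return (identifier, retention_days) for instances below the minimum."""
    if not 1 <= minimum <= MAX_RETENTION_DAYS:
        raise ValueError(f"minimum must be 1..{MAX_RETENTION_DAYS}, got {minimum}")
    findings = []
    for inst in json.loads(describe_json).get("DBInstances", []):
        # Fail closed: a missing value is reported as 0 (backups disabled).
        days = int(inst.get("BackupRetentionPeriod", 0))
        if days < minimum:
            findings.append((inst["DBInstanceIdentifier"], days))
    return findings


def remediation_commands(findings, region, minimum=MIN_RETENTION_DAYS):
    """Build one modify-db-instance command per finding, for review before use."""
    return [
        "aws rds modify-db-instance"
        f" --region {shlex.quote(region)}"
        f" --db-instance-identifier {shlex.quote(name)}"
        f" --backup-retention-period {minimum}"
        " --apply-immediately"
        for name, _days in findings
    ]


if __name__ == "__main__":
    found = find_noncompliant(SAMPLE)
    for name, days in found:
        state = "automated backups disabled" if days == 0 else f"{days} day(s)"
        print(f"NON-COMPLIANT {name}: {state}")
    for cmd in remediation_commands(found, "us-east-1"):
        print(cmd)
```

Against a real account, pass the saved output of describe-db-instances for each region to find_noncompliant instead of SAMPLE.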