Amazon_RDS_18
Ensure that your RDS database instances have a minimum backup retention period set in order to meet compliance requirements. A minimum (default) retention period of 7 (seven) days is recommended, but you can adjust the minimumRetentionPeriod parameter value to narrow or extend the default retention period (AWS RDS allows a maximum retention period of thirty-five days).
From Portal:
Configure your RDS backup retention policy to be at least 7 days.
1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.
2. In the navigation pane, choose Databases, and then choose the DB instance that you want to modify.
3. Choose Modify.
4. In the ‘Backup’ section:
a. From the ‘Backup Retention Period’ options, set the retention period to at least 7 days.
b. Select ‘Start Time’ and ‘Duration’ in ‘Backup window’, which is the daily time range (in UTC) during which automated backups will be performed.
5. Click ‘Continue’.
6. On the confirmation page, select ‘Modify DB Instance’ to save your changes.
From TF:
resource "aws_db_instance" "default" {
  allocated_storage       = 10
  engine                  = "mysql"
  engine_version          = "5.7"
  instance_class          = "db.t3.micro"
  db_name                 = "mydb"
  username                = "foo"
  password                = "foobarbaz"
  parameter_group_name    = "default.mysql5.7"
  skip_final_snapshot     = true
  # Add this line; the number should be 7 or more
  backup_retention_period = 7
}
From Command Line:
aws rds modify-db-instance --region REGION --db-instance-identifier DBINSTANCE --backup-retention-period 7 --apply-immediately
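To find which instances need the change above, the following added example (not part of the original rule or of any AWS tooling) audits the JSON returned by `aws rds describe-db-instances` against the minimumRetentionPeriod value and emits the remediation command for each failing instance. The instance names and the SAMPLE data are constructed, and audit_retention is a hypothetical helper name.

```python
import json

MAX_RETENTION_DAYS = 35  # RDS maximum retention period, as stated in this rule

# Constructed sample shaped like `aws rds describe-db-instances` output.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod",   "BackupRetentionPeriod": 14},
  {"DBInstanceIdentifier": "orders-dev",    "BackupRetentionPeriod": 1},
  {"DBInstanceIdentifier": "reports-tmp",   "BackupRetentionPeriod": 0},
  {"DBInstanceIdentifier": "legacy-import"}
]}
""")


def audit_retention(response, minimum_retention_period=7):
    """Return one finding per instance whose retention is below the minimum."""
    if not 1 <= minimum_retention_period <= MAX_RETENTION_DAYS:
        raise ValueError("minimum retention period must be between 1 and 35 days")
    findings = []
    for db in response.get("DBInstances", []):
        # A missing field is treated like 0: no evidence of automated backups.
        days = db.get("BackupRetentionPeriod", 0)
        if days >= minimum_retention_period:
            continue
        name = db["DBInstanceIdentifier"]
        findings.append({
            "instance": name,
            "retention_days": days,
            # A retention period of 0 means automated backups are disabled.
            "status": "BACKUPS_DISABLED" if days == 0 else "RETENTION_TOO_SHORT",
            # Remediation command from this rule, with the instance filled in.
            "fix": ("aws rds modify-db-instance --region REGION "
                    f"--db-instance-identifier {name} "
                    f"--backup-retention-period {minimum_retention_period} "
                    "--apply-immediately"),
        })
    return findings


if __name__ == "__main__":
    for f in audit_retention(SAMPLE):
        print(f"{f['status']:20} {f['instance']:14} {f['retention_days']}d")
        print(f"  {f['fix']}")
```

REGION is left as the placeholder used in the command above; replace it with the region of each instance before running the emitted commands.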