Risk Level: High
Cloud Entity: Amazon RDS
CloudGuard Rule ID: D9.AWS.DR.03
Covered by Spectral: Yes
Category: Database

GSL LOGIC

RDS should have backupRetentionPeriod>6

REMEDIATION

From Portal
Configure your RDS backup retention policy to be at least 7 days.

Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.
In the navigation pane, choose Databases, and then choose the DB instance that you want to modify.
Choose Modify.
In 'Backup' section,
a. From the 'Backup Retention Period' options set the retention period to at least 7 days.
b. Select 'Start Time' and 'Duration' in 'Backup window', which is the daily time range (in UTC) during which automated backups will be performed
Click 'Continue'
On the confirmation page, select 'Modify DB Instance' to save your changes

From TF

resource "aws_db_instance" "default" {
	allocated_storage    = 10
	engine               = "mysql"
	engine_version       = "5.7"
	instance_class       = "db.t3.micro"
	name                 = "mydb"
	username             = "foo"
	password             = "foobarbaz"
	parameter_group_name = "default.mysql5.7"
	skip_final_snapshot  = true
	+ backup_retention_period = 7 # number should be 7 or more
}

From Command Line
aws rds modify-db-instance --region REGION --db-instance-identifier DBINSTANCE --backup-retention-period 7 --apply-immediately

References

Amazon RDS

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.

Compliance Frameworks

AWS CIS Controls V 8
AWS CSA CCM v.4.0.1
AWS CloudGuard Best Practices
AWS CloudGuard SOC2 based on AICPA TSC 2017
AWS CloudGuard Well Architected Framework
AWS HITRUST
AWS HITRUST v11.0.0
AWS ISO27001:2022
AWS ITSG-33
AWS MAS TRM Framework
AWS MITRE ATT&CK Framework v10
AWS MITRE ATT&CK Framework v11.3
AWS NIST 800-53 Rev 5
AWS PCI-DSS 4.0
CloudGuard AWS All Rules Ruleset