Ensure that Amazon Aurora clusters have Copy Tags to Snapshots feature enabled

Make sure your Amazon Aurora database clusters utilize the "Copy Tags to Snapshots" feature. This ensures that any tags applied to your Aurora clusters will be automatically transferred to both automated and manual snapshots created from these clusters.

Risk Level: Informational
Cloud Entity: Amazon RDS
CloudGuard Rule ID: D9.AWS.DR.07
Covered by Spectral: No
Category: Database

GSL LOGIC

RDSDBCluster where engine='aurora-mysql' should have copyTagsToSnapshot=true

REMEDIATION

From Portal

  1. Go to the RDS dashboard.
  2. Choose the specific database you wish to review.
  3. Access the 'Maintenance & backups' tab.
  4. Scroll down to the Backup section and confirm that the 'Copy tags to snapshots' feature is activated.

From TF

resource "aws_rds_cluster" "example" {
  # Copy the cluster's tags to automated and manual snapshots
  copy_tags_to_snapshot = true
}

From Command Line
Run the following command to check whether the feature is enabled on the cluster:

aws rds describe-db-clusters --region 'YOUR_REGION' --db-cluster-identifier 'DB_IDENTIFIER' --query 'DBClusters[*].CopyTagsToSnapshot'
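
The following is an added example, not part of the CloudGuard rule or of AWS documentation: it applies the GSL condition above to JSON shaped like the output of `aws rds describe-db-clusters` and builds an `aws rds modify-db-cluster ... --copy-tags-to-snapshot` command for each failing cluster. The sample JSON, cluster names and function names are constructed for illustration; the `engines` parameter goes beyond the rule, which covers only `aurora-mysql`.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-clusters` output.
SAMPLE = json.loads("""
{"DBClusters": [
  {"DBClusterIdentifier": "orders-prod", "Engine": "aurora-mysql", "CopyTagsToSnapshot": true},
  {"DBClusterIdentifier": "orders-dev", "Engine": "aurora-mysql", "CopyTagsToSnapshot": false},
  {"DBClusterIdentifier": "legacy-01", "Engine": "aurora-mysql"},
  {"DBClusterIdentifier": "reports", "Engine": "aurora-postgresql", "CopyTagsToSnapshot": false}
]}
""")


def failing_clusters(describe_output, engines=("aurora-mysql",)):
    """Return identifiers of clusters that fail the rule.

    Mirrors the GSL: RDSDBCluster where engine='aurora-mysql'
    should have copyTagsToSnapshot=true. A missing CopyTagsToSnapshot
    field is treated as not enabled (assumption of this example).
    """
    failing = []
    for cluster in describe_output.get("DBClusters", []):
        if cluster.get("Engine") not in engines:
            continue  # engine is outside the rule's scope
        if cluster.get("CopyTagsToSnapshot") is not True:
            failing.append(cluster["DBClusterIdentifier"])
    return failing


def remediation_commands(describe_output, region, engines=("aurora-mysql",)):
    """Build one modify-db-cluster command per failing cluster."""
    return [
        "aws rds modify-db-cluster --region {} --db-cluster-identifier {} "
        "--copy-tags-to-snapshot".format(shlex.quote(region), shlex.quote(name))
        for name in failing_clusters(describe_output, engines)
    ]


if __name__ == "__main__":
    # Print the commands for review; nothing is executed against AWS.
    for cmd in remediation_commands(SAMPLE, "us-east-1"):
        print(cmd)
```

The commands are only printed, so they can be reviewed before being run against the account.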

References

  1. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_snapshot_copy#copy_tags
  2. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html

Amazon RDS

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.

Compliance Frameworks

  • CloudGuard AWS All Rules Ruleset