Ensure RDS instances have backup policy

Automatic Backup creates a storage volume snapshot of your DB instance, backing up the entire DB instance and not just individual databases which provide for point-in-time recovery. The automatic backup will happen during a specified backup window time and keeps the backups for a period of time defined in the retention period. It is recommended to set Automatic Backups for your critical RDS servers that will help in the data restoration process.

Risk Level: Informational
Cloud Entity: Amazon RDS
CloudGuard Rule ID: D9.CFT.OPE.18
Covered by Spectral: Yes
Category: Database


AWS_RDS_DBInstance should have BackupRetentionPeriod>0


From CFT
Set AWS::RDS::DBInstance::BackupRetentionPeriod a value from 1 to 35.
See below example template;

Type: AWS::RDS::DBInstance

BackupRetentionPeriod: 7



  1. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html
  2. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-backupretentionperiod

Amazon RDS

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.

Compliance Frameworks

  • AWS CloudFormation ruleset