RDS with backup disabled

ID

aws_rds_backup_disabled

Severity

low

Vendor

AWS

Resource

Backup recovery

Tags

non-reachable

Description

Automated backups are disabled for the RDS instance. Without backups, you cannot restore the instance if an error occurs or if its data is corrupted. When you create a new RDS instance, you can set the backup retention period, which is the number of days that backups are retained.

To fix it, set backup_retention_period to a value greater than 0.

Learn more about this topic at AWS RDS backups.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: DB instance
      amazon.aws.rds_instance:
        id: test-encrypted-db
        state: present
        engine: mariadb
        storage_encrypted: True
        db_instance_class: db.t2.medium
        username: "{{ username }}"
        password: "{{ password }}"
        allocated_storage: "{{ allocated_storage }}"
        backup_retention_period: 0  # 0 disables automated backups; this is what the rule flags

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: DB instance
      amazon.aws.rds_instance:
        id: test-encrypted-db
        state: present
        engine: mariadb
        storage_encrypted: True
        db_instance_class: db.t2.medium
        username: "{{ username }}"
        password: "{{ password }}"
        allocated_storage: "{{ allocated_storage }}"
        backup_retention_period: 15  # automated backups are retained for 15 days
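
To check instances that are already deployed, the following added example (not part of the original rule documentation) queries RDS and fails when any instance reports a retention period of 0. It assumes the amazon.aws collection is installed and AWS credentials are available in the environment; the audit_region variable and its value are placeholders.

```yaml
---
# Added example: audit deployed RDS instances for disabled automated backups.
- name: Audit RDS backup retention
  hosts: localhost
  gather_facts: false
  vars:
    audit_region: us-east-1  # assumption: replace with the region to audit
  tasks:
    - name: Collect all DB instances in the region
      amazon.aws.rds_instance_info:
        region: "{{ audit_region }}"
      register: rds

    # An instance with backup_retention_period == 0 has no automated backups.
    - name: List instances whose automated backups are disabled
      ansible.builtin.set_fact:
        no_backup: >-
          {{ rds.instances
             | selectattr('backup_retention_period', 'equalto', 0)
             | map(attribute='db_instance_identifier')
             | list }}

    - name: Fail when any instance has backup_retention_period set to 0
      ansible.builtin.assert:
        that:
          - no_backup | length == 0
        fail_msg: "Automated backups disabled on: {{ no_backup | join(', ') }}"
        success_msg: "All {{ rds.instances | length }} instances retain automated backups"
```

Run it in CI or on a schedule to catch instances changed outside the playbooks, which a static scan of the playbook source cannot see.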