RDS clusters do not have an AWS Backup backup plan
Description
Ensure that RDS clusters are included in your backup plans for the AWS Backup. AWS Backup is a fully managed backup service that helps you protect your data in the cloud by automatically backing up your data to a secure, durable storage location. By creating a backup plan, you can ensure that your data is regularly backed up and can be recovered in the event of data loss or corruption.
Code Example
text
{
"resource "aws_rds_cluster" "rds_cluster_good" {
cluster_identifier = "aurora-cluster-demo"
engine = "aurora-mysql"
engine_version = "5.7.mysql_aurora.2.03.2"
availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
database_name = "mydb"
master_username = "foo"
master_password = "bar"
}
resource "aws_backup_plan" "example" {
name = "tf_example_backup_plan"
rule {
rule_name = "tf_example_backup_rule"
target_vault_name = "vault-name"
schedule = "cron(0 12 * * ? *)"
}
}
resource "aws_backup_selection" "backup_good" {
iam_role_arn = "arn:partition:service:region:account-id:resource-id"
name = "tf_example_backup_selection"
plan_id = aws_backup_plan.example.id
resources = [
aws_rds_cluster.rds_cluster_good.arn
]
}
",
}Remediation
Terraform
- Resource: aws_rds_cluster, aws_backup_plan, aws_backup_selection
- Arguments: plan_id and resources
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0447 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AWS_8 |