AWS RDS instance with copy tags to snapshots disabled
Description
This policy checks that tags are copied when snapshots of an Amazon RDS database instance are created. Tags are metadata that you can assign to AWS resources; they let you categorize resources in different ways, for example by purpose, owner, or environment. When tags are copied to snapshots, each snapshot inherits the instance's ownership and environment metadata, which keeps resource management consistent, especially when using cost allocation reports.
Code Example
```hcl
resource "aws_db_instance" "mysql" {
  db_name           = "mydb"
  engine            = "mysql"
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  tags              = { Name = "mydb" }

  # Remediation: copy the instance tags to every automated and manual snapshot.
  copy_tags_to_snapshot = true
}
```
Remediation
Terraform
- Resource: aws_db_instance
- Arguments: copy_tags_to_snapshot
The issue can be fixed by setting the `copy_tags_to_snapshot` argument to `true` in the `aws_db_instance` resource block of the Terraform file (the provider default is `false`, so omitting it leaves snapshots untagged).
Secure code example: the `aws_db_instance` block shown above, which sets `copy_tags_to_snapshot = true`.
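Checkov's CKV2_AWS_60 performs this check on Terraform code and plans. As an added example, not the rule's own implementation, the following Python script applies the same logic to the output of `terraform show -json`, walking root and child modules and flagging every `aws_db_instance` whose `copy_tags_to_snapshot` is not `true`; the plan document is constructed inline.

```python
"""Flag aws_db_instance resources in a Terraform plan JSON that do not copy tags to snapshots."""
import json

# Constructed sample of a `terraform show -json` plan: one non-compliant root instance,
# one compliant root instance, and one instance in a child module with the attribute absent.
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_db_instance.mysql", "type": "aws_db_instance",
             "values": {"identifier": "mydb", "copy_tags_to_snapshot": False,
                        "tags": {"Name": "mydb"}}},
            {"address": "aws_db_instance.pg", "type": "aws_db_instance",
             "values": {"identifier": "pgdb", "copy_tags_to_snapshot": True}},
        ],
        "child_modules": [{"resources": [
            {"address": "module.db.aws_db_instance.legacy", "type": "aws_db_instance",
             "values": {"identifier": "legacy"}},
        ]}],
    }},
})


def iter_resources(module):
    """Walk a plan module tree, yielding every resource, including those in child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_noncompliant(plan_json: str):
    """Return addresses of aws_db_instance resources whose copy_tags_to_snapshot is not true.

    A missing attribute is also reported: the AWS provider default is false, so an
    instance that never sets it will produce untagged snapshots.
    """
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "aws_db_instance":
            continue
        if res.get("values", {}).get("copy_tags_to_snapshot") is not True:
            findings.append(res["address"])
    return findings


if __name__ == "__main__":
    for addr in find_noncompliant(SAMPLE_PLAN):
        print(f"IAC-0494: {addr} does not copy tags to snapshots")
```

Run it against a real plan with `terraform show -json tfplan > plan.json` and pass the file contents to `find_noncompliant`.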
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0494 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AWS_60 |