Ensure that your RDS database instances have a minimum backup retention period set in order to meet compliance requirements. Cloud Conformity recommends a minimum (default) retention period of 7 (seven) days, but you can adjust the minimumRetentionPeriod parameter value to narrow or extend the default retention period (AWS RDS allows a maximum retention period of thirty-five days).
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Setting a minimum retention period for RDS database instances makes your backup strategy follow the best practices specified in the compliance regulations. Retaining point-in-time RDS snapshots for a longer period of time will allow you to handle your data restoration process more efficiently in the event of failure.
Note: This guide uses 7 days (recommended) as the threshold for the minimum backup retention period. However, you can adjust the number of days at any time to suit your requirements.
Audit
To determine if your RDS instances have a sufficient backup retention period (≥ 7 days) set for automated backups, perform the following:
Remediation / Resolution
To update the automated backup configuration of your RDS instances and extend the retention period, perform the following:
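One way to script both the audit check and the remediation call described above, as an added example that is not Cloud Conformity's own code: it evaluates output in the shape returned by `aws rds describe-db-instances` and builds the matching `aws rds modify-db-instance` command. The sample response, the instance names, and the function names are constructed for illustration; `min_days` plays the role of the minimumRetentionPeriod threshold.

```python
import json
import shlex

MIN_RETENTION_DAYS = 7    # threshold used by this guide
MAX_RETENTION_DAYS = 35   # RDS upper limit stated on this page

# Constructed sample in the shape of `aws rds describe-db-instances` output.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod",  "BackupRetentionPeriod": 14},
  {"DBInstanceIdentifier": "billing-prod", "BackupRetentionPeriod": 3},
  {"DBInstanceIdentifier": "scratch-dev",  "BackupRetentionPeriod": 0},
  {"DBInstanceIdentifier": "legacy-import"}
]}
""")


def audit_retention(response, min_days=MIN_RETENTION_DAYS):
    """Return one finding per instance whose retention is below min_days."""
    if not 1 <= min_days <= MAX_RETENTION_DAYS:
        raise ValueError(f"min_days must be between 1 and {MAX_RETENTION_DAYS}")
    findings = []
    for inst in response.get("DBInstances", []):
        days = inst.get("BackupRetentionPeriod")
        if days is not None and days >= min_days:
            continue
        if days is None:
            status = "RETENTION_UNKNOWN"   # fail closed on a missing field
        elif days == 0:
            status = "BACKUPS_DISABLED"    # 0 turns automated backups off
        else:
            status = "BELOW_MINIMUM"
        findings.append({"instance": inst["DBInstanceIdentifier"],
                         "retention_days": days, "status": status})
    return findings


def remediation_command(finding, min_days=MIN_RETENTION_DAYS, immediate=False):
    """Build the modify-db-instance call that raises retention to min_days."""
    # Deferred to the maintenance window unless immediate=True is passed.
    apply_flag = "--apply-immediately" if immediate else "--no-apply-immediately"
    return ("aws rds modify-db-instance "
            f"--db-instance-identifier {shlex.quote(finding['instance'])} "
            f"--backup-retention-period {min_days} {apply_flag}")


if __name__ == "__main__":
    for f in audit_retention(SAMPLE):
        print(f["status"], f["instance"], f["retention_days"])
        print("  " + remediation_command(f))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON from `aws rds describe-db-instances --output json` for each region you audit.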
You are auditing:
RDS Sufficient Backup Retention Period
Risk level: Medium