Ensure RDS clusters have an AWS Backup backup plan

Error: RDS clusters do not have an AWS Backup backup plan

Bridgecrew Policy ID: BC_AWS_GENERAL_49
Checkov Check ID: CKV2_AWS_8
Severity: LOW

RDS clusters do not have an AWS Backup backup plan

Description

Ensure that RDS clusters are included in your backup plans for the AWS Backup. AWS Backup is a fully managed backup service that helps you protect your data in the cloud by automatically backing up your data to a secure, durable storage location. By creating a backup plan, you can ensure that your data is regularly backed up and can be recovered in the event of data loss or corruption.

Fix - Buildtime

Terraform

  • Resource: aws_rds_cluster, aws_backup_plan, aws_backup_selection
  • Argument: plan_id and resources
resource "aws_rds_cluster" "rds_cluster_good" {
  cluster_identifier      = "aurora-cluster-demo"
  engine                  = "aurora-mysql"
  engine_version          = "5.7.mysql_aurora.2.03.2"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
}


resource "aws_backup_plan" "example" {
  name = "tf_example_backup_plan"

  rule {
    rule_name         = "tf_example_backup_rule"
    target_vault_name = "vault-name"
    schedule          = "cron(0 12 * * ? *)"
  }
}

resource "aws_backup_selection" "backup_good" {
  iam_role_arn = "arn:partition:service:region:account-id:resource-id"
  name         = "tf_example_backup_selection"
  plan_id      = aws_backup_plan.example.id

  resources = [
    aws_rds_cluster.rds_cluster_good.arn
  ]
}