v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 11 RDS instances should have automatic backups enabled

Description

This control checks whether Amazon Relational Database Service instances have automated backups enabled and the backup retention period is greater than or equal to seven days. The control fails if backups are not enabled, and if the retention period is less than 7 days.

Backups help you more quickly recover from a security incident and strengthens the resilience of your systems. Amazon RDS provides an easy way to configure daily full instance volume snapshots. For more details on Amazon RDS automated backups, see Working with Backups in the Amazon RDS User Guide.

Remediation

To enable automated backups on an RDS DB instance, see Enabling automated backups in the Amazon RDS User Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_rds_11

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_rds_11 --share

SQL

This control uses a named query:

rds_db_instance_backup_enabled

Tags

aws_foundational_security = true
category = Compliance
foundational_security_category = backups_enabled
foundational_security_item_id = rds_11
plugin = aws
service = AWS/RDS