RDS with Insufficient Backup Recovery

RDS backup retention for clusters defaults to 1 day, this may not be enough to recover from an accidental or malicious data loss.

Remediation

Increase the back retention to more than the default value. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#backup_retention_period

Metadata

Severity: informational
Slug: rds-with-insufficient-backup-recovery

OWASP

A05:2021: Security Misconfiguration

Available Labs

Open Aws labs in SecDim Play for this vulnerability.

easy

RDS.aws

Other Easy AWS Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.