Property
Language: terraform
Severity: medium
Service: rds
Provider: AWS
Vulnerability Type: omission

Description

RDS clusters and instances are configured with the default backup retention period of 1 day or less, which is insufficient for reliable data recovery and issue investigation. The configuration does not explicitly set a longer retention period, increasing the risk of data loss.

Impact

If a database is compromised or data is corrupted, only one day’s worth of backups will be available for recovery, significantly increasing the risk of permanent data loss and reducing the ability to recover from accidental or malicious changes.

Resolution

Explicitly set the backup retention period to a value greater than the default.
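
The following Terraform is an added example, not part of the original rule page: it shows a cluster that omits the setting next to a cluster and an instance that set `backup_retention_period` explicitly. The resource names, identifiers, engines and the 7-day value are assumptions chosen for illustration.

```hcl
# Added example: names, engines and the 7-day value are assumptions.
variable "backup_retention_days" {
  description = "Days of automated RDS backups to keep"
  type        = number
  default     = 7 # assumed value; pick one that matches your recovery needs

  validation {
    # RDS allows at most 35 days; 1 day or less is what this rule flags.
    condition     = var.backup_retention_days > 1 && var.backup_retention_days <= 35
    error_message = "backup_retention_days must be between 2 and 35."
  }
}

# Flagged: backup_retention_period is omitted, so the default applies.
resource "aws_rds_cluster" "flagged" {
  cluster_identifier          = "example-flagged"
  engine                      = "aurora-postgresql"
  master_username             = "dbadmin"
  manage_master_user_password = true
}

# Corrected cluster: retention is set explicitly from the validated variable.
resource "aws_rds_cluster" "retained" {
  cluster_identifier          = "example-retained"
  engine                      = "aurora-postgresql"
  master_username             = "dbadmin"
  manage_master_user_password = true
  backup_retention_period     = var.backup_retention_days
}

# Corrected instance: the same attribute applies to aws_db_instance.
resource "aws_db_instance" "retained" {
  identifier                  = "example-instance"
  engine                      = "postgres"
  instance_class              = "db.t3.micro"
  allocated_storage           = 20
  username                    = "dbadmin"
  manage_master_user_password = true
  backup_retention_period     = var.backup_retention_days
}
```

Because the variable carries a validation block, a value of 1 or 0 passed in from a tfvars file or the command line is rejected at plan time instead of silently reintroducing the finding.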