AWS Config Rule: Backup Recovery Point Minimum Retention Check

Description: Checks if a recovery point expires no earlier than after the specified period. The rule is NON_COMPLIANT if the recovery point has a retention point that is less than the required retention period.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region

By default, the requiredRetentionDays is configured for 35 days, which would mean that if your Recovery Points inside your AWS Backup Vaults have a Retention Period of less than 35 days, the rule would flag as NON_COMPLIANT.

To raise your Retention Point above the value of your requiredRetentionDays, you will need to locate your Backup Plan creating the backups within your AWS Backup.

Head to your AWS Backup Dashboard and head to the subheading Backup Plans. From here, select your Backup Plan and view the Summary. You can click edit to change your Retention Period similar to the image below.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here