AWS Config Rule: DocumentDB Cluster Backup Retention Check
DOCDB_CLUSTER_BACKUP_RETENTION_CHECK
Eduardo Van Cauteren
Last Update a year ago
Description: Checks if an Amazon DocumentDB cluster retention period is set to a specific number of days. The rule is NON_COMPLIANT if the retention period is less than the value specified by the parameter.
Trigger type: Configuration changes
AWS Region: Only available in Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), Europe (Ireland), Europe (Frankfurt), South America (Sao Paulo), US East (N. Virginia), Asia Pacific (Seoul), Europe (London), Europe (Milan), Asia Pacific (Tokyo), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central), China (Ningxia) Region
How to Resolve Manually
This Config rule checks whether the backup retention period of a cluster is set to a defined number of days. The rule is marked as non-compliant if the retention value is lower than the defined parameter.
To resolve this, head over to the DocumentDB dashboard in the AWS Console, find the cluster you want to edit and click on its name. From there, go to the Configuration tab and click on the Modify button.
Locate the Backup card and select a value of 7 (which is the minimum default value) or a greater one.
Click on Continue, review and define the scheduling of modifications, and finally click on the Modify Cluster button.
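The same check and fix can be scripted. The following is an added example, not StackZone's or AWS's own code: it applies the rule's comparison to a constructed response shaped like `aws docdb describe-db-clusters` output and builds the AWS CLI command that performs the console steps above. The cluster names are made up, and the threshold of 7 is taken from the value this page recommends.

```python
import json
import shlex

# Constructed sample shaped like `aws docdb describe-db-clusters` output.
# That API is shared with RDS and Neptune, so other engines can appear in it.
SAMPLE = json.loads("""
{"DBClusters": [
  {"DBClusterIdentifier": "orders-docdb",  "Engine": "docdb",   "BackupRetentionPeriod": 1},
  {"DBClusterIdentifier": "reports-docdb", "Engine": "docdb",   "BackupRetentionPeriod": 14},
  {"DBClusterIdentifier": "graph-cluster", "Engine": "neptune", "BackupRetentionPeriod": 1}
]}
""")


def evaluate(response, min_days=7):
    """Map each DocumentDB cluster to COMPLIANT or NON_COMPLIANT.

    Uses the comparison the rule describes: retention below min_days fails.
    """
    results = {}
    for cluster in response.get("DBClusters", []):
        if cluster.get("Engine") != "docdb":
            continue  # ignore RDS/Neptune clusters returned by the shared API
        days = int(cluster.get("BackupRetentionPeriod", 0))
        results[cluster["DBClusterIdentifier"]] = (
            "COMPLIANT" if days >= min_days else "NON_COMPLIANT"
        )
    return results


def remediation_commands(response, min_days=7):
    """Build one `aws docdb modify-db-cluster` command per failing cluster.

    Drop --apply-immediately to defer the change to the maintenance window.
    """
    return [
        "aws docdb modify-db-cluster"
        f" --db-cluster-identifier {shlex.quote(cid)}"
        f" --backup-retention-period {min_days}"
        " --apply-immediately"
        for cid, status in evaluate(response, min_days).items()
        if status == "NON_COMPLIANT"
    ]


if __name__ == "__main__":
    for cid, status in evaluate(SAMPLE).items():
        print(f"{cid}: {status}")
    print("\n".join(remediation_commands(SAMPLE)))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws docdb describe-db-clusters --filters Name=engine,Values=docdb`.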
You can check the following screenshot as a visual reference:

How to Resolve with StackZone
StackZone can automatically resolve your non-compliant DocumentDB cluster backup retention period by running an automation script. This remediation will set the value to 7, which is the default compliant value.
To enable this remediation from the StackZone console, head over to Provisioning > Baseline Services > AWS Config Rules Regional > Amazon DocumentDB and enable the DocumentDB Cluster Backup Retention Remediation.
