
feat(aws): Add new RDS check to ensure db instances are protected by a backup plan

Open danibarranqueroo opened this issue 1 year ago • 1 comment

Context

This new check verifies whether Amazon RDS DB instances are covered by a comprehensive backup plan, crucial for ensuring data resilience and recovery. A backup plan is essential for protecting RDS instances against data loss or corruption. The control passes if an instance is included in an AWS Backup plan. Additionally, if the backupVaultLockCheck parameter is set to true, it requires that the backup be stored in a locked vault.

The parameter mentioned could have allowed this check to be configurable, verifying whether the backup plan is stored in a locked backup vault if set to true. However, I felt this was not the main goal of the check and could be confusing for users. Therefore, I decided to solely verify if RDS instances are covered by a backup plan. If it is considered best practice to have backup plans stored in locked vaults, perhaps this should be addressed in a new check applicable to all backup plans, not just those for RDS instances.

Additionally, implementing this check required modifications to the backup service due to the addition of a new call to the AWS API. This call allows iterating over all resources protected by backup plans, ensuring that the instance being scanned is included.

Description

Added new rds_instance_protected_by_backup_plan check with its unit test and modified backup_service and its test.

Checklist

  • Are there new checks included in this PR? Yes / No
    • If so, do we need to update permissions for the provider? Please review this carefully.
  • [ ] Review if the code is being covered by tests.
  • [ ] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

danibarranqueroo avatar Aug 28 '24 08:08 danibarranqueroo
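
The pass/fail logic described in the pull request above, as an added example that is not Prowler's code and not part of the original post. It assumes the new AWS API call is AWS Backup's ListProtectedResources and that instances come from RDS DescribeDBInstances; the function names (`protected_arns`, `evaluate`, `run_sample`) and all sample data are hypothetical.

```python
def protected_arns(fetch_page):
    """Collect every protected ResourceArn, following NextToken to the end.

    fetch_page(token) must return a dict shaped like a ListProtectedResources
    response: {"Results": [{"ResourceArn": ...}, ...], "NextToken": ...}.
    Stopping after the first page would report protected instances as FAIL.
    """
    arns, token = set(), None
    while True:
        page = fetch_page(token)
        arns.update(r["ResourceArn"] for r in page.get("Results", []))
        token = page.get("NextToken")
        if not token:
            return arns


def evaluate(db_instances, arns):
    """Return one finding per DB instance: PASS if its ARN is protected."""
    findings = []
    for db in db_instances:
        protected = db["DBInstanceArn"] in arns
        findings.append({
            "resource_id": db["DBInstanceIdentifier"],
            "resource_arn": db["DBInstanceArn"],
            "status": "PASS" if protected else "FAIL",
        })
    return findings


# Constructed sample data (placeholder account, region and instance names).
PREFIX = "arn:aws:rds:eu-west-1:111122223333:db:"
PAGES = {
    None: {"Results": [{"ResourceArn": PREFIX + "orders", "ResourceType": "RDS"}],
           "NextToken": "t1"},
    "t1": {"Results": [{"ResourceArn": PREFIX + "billing", "ResourceType": "RDS"}]},
}
INSTANCES = [
    {"DBInstanceIdentifier": name, "DBInstanceArn": PREFIX + name}
    for name in ("orders", "billing", "analytics")
]


def run_sample():
    """Evaluate the constructed instances against the constructed pages."""
    return evaluate(INSTANCES, protected_arns(PAGES.__getitem__))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding["status"], finding["resource_id"])
```
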

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 88.89%. Comparing base (d62e748) to head (0b8b068). Report is 1208 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4879      +/-   ##
==========================================
+ Coverage   88.83%   88.89%   +0.05%     
==========================================
  Files         941      942       +1     
  Lines       28897    28932      +35     
==========================================
+ Hits        25672    25720      +48     
+ Misses       3225     3212      -13     
Components Coverage Δ
prowler 88.89% <100.00%> (+0.05%) :arrow_up:
api ∅ <ø> (∅)

codecov[bot] avatar Aug 28 '24 09:08 codecov[bot]