Description:

Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks. This policy checks whether backup retention is enabled for RDS storage.


Remediation:


Backup Retention Period

You can set the backup retention period when you create a DB instance. If you don't set the backup retention period, the default backup retention period is one day if you create the DB instance using the Amazon RDS API or the AWS CLI. The default backup retention period is seven days if you create the DB instance using the console. After you create a DB instance, you can modify the backup retention period. You can set the backup retention period to between 0 and 35 days. Setting the backup retention period to 0 disables automated backups. Manual snapshot limits (100 per region) do not apply to automated backups.


Important

An outage occurs if you change the backup retention period from 0 to a non-zero value or from a non-zero value to 0.
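The check this policy describes can be run offline against a saved `aws rds describe-db-instances` response. The following is an added example, not code from AWS or from the policy itself: the sample response and instance names are constructed, and `min_days` is a hypothetical threshold for teams that require more than "non-zero".

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output
# (only the fields this check reads); the identifiers are made up.
SAMPLE_RESPONSE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres", "BackupRetentionPeriod": 7},
  {"DBInstanceIdentifier": "reports-dev", "Engine": "mysql", "BackupRetentionPeriod": 0},
  {"DBInstanceIdentifier": "billing-api", "Engine": "mysql", "BackupRetentionPeriod": 1},
  {"DBInstanceIdentifier": "legacy-import", "Engine": "mariadb"}
]}
""")

MAX_RETENTION_DAYS = 35  # upper bound stated in the text above


def evaluate_retention(response, min_days=1):
    """Return one finding per DB instance that fails the retention check.

    min_days is a hypothetical policy threshold (an assumption of this
    example); min_days=1 means "automated backups are enabled at all".
    """
    if not 1 <= min_days <= MAX_RETENTION_DAYS:
        raise ValueError("min_days must be between 1 and 35")
    findings = []
    for db in response.get("DBInstances", []):
        days = db.get("BackupRetentionPeriod")
        if days is None:
            status = "UNKNOWN"    # field missing: fail closed and report it
        elif days == 0:
            status = "DISABLED"   # 0 disables automated backups
        elif days < min_days:
            status = "TOO_SHORT"
        else:
            continue              # compliant instance, no finding
        findings.append({
            "instance": db.get("DBInstanceIdentifier", "<unnamed>"),
            "retention_days": days,
            "status": status,
            # Moving from 0 to a non-zero value causes an outage,
            # so that fix belongs in a maintenance window.
            "outage_on_fix": days == 0,
        })
    return findings


if __name__ == "__main__":
    for finding in evaluate_retention(SAMPLE_RESPONSE, min_days=7):
        print(finding)
```

A flagged instance is fixed with `aws rds modify-db-instance --db-instance-identifier <id> --backup-retention-period <days>`; findings with `outage_on_fix` set are the ones the Important note above applies to.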


Deleting Retained Automated Backups

To delete a retained automated backup


  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.
  2. In the navigation pane, choose Automated backups.
  3. Choose Retained.

  4. Choose the retained automated backup that you want to delete.
  5. For Actions, choose Delete.
  6. On the confirmation page, enter delete me and choose Delete.


Reference: 

    https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html