AWS RDS Instance With Copy Tags To Snapshots Disabled

This policy identifies RDS instances that have copy tags to snapshots disabled. Copy tags to snapshots copies all the user-defined tags from the DB instance to its snapshots. Copying tags allows you to add metadata and apply access policies to your Amazon RDS resources.

Policy Details

Policy Subtype: Run, Build
Severity: Low
Template Type: CloudFormation

Build Rules

AWS RDS instance with copy tags to snapshots disabled.
JSON Query:
$.Resources.*[?(@.Type=='AWS::RDS::DBInstance')].Properties.CopyTagsToSnapshot any null or $.Resources.*[?(@.Type=='AWS::RDS::DBInstance')].Properties.CopyTagsToSnapshot any equal false
Recommendation:
Enable CopyTagsToSnapshot. Make sure that the "CopyTagsToSnapshot" attribute exists and is set to "true".
For example:
"MyDB1": {
  "Type": "AWS::RDS::DBInstance",
  "Properties": {
    "AllocatedStorage": "100",
    "DBInstanceClass": "db.t3.small",
    "CopyTagsToSnapshot": true
  }
}
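
The build rule above can be reproduced locally before a template is deployed. The following is an added example, not part of the original policy or of any vendor tooling: a Python check that flags AWS::RDS::DBInstance resources in a JSON CloudFormation template whose CopyTagsToSnapshot is missing, null or false. It goes beyond the JSON query by also treating the string "false" as disabled and reporting values set through intrinsic functions as unresolved; the sample template, the logical IDs other than MyDB1 and the parameter name are constructed for illustration.

```python
import json

# Constructed sample template; logical IDs and values are illustrative only.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "MyDB1": {"Type": "AWS::RDS::DBInstance",
              "Properties": {"DBInstanceClass": "db.t3.small", "CopyTagsToSnapshot": true}},
    "MyDB2": {"Type": "AWS::RDS::DBInstance",
              "Properties": {"DBInstanceClass": "db.t3.small", "CopyTagsToSnapshot": false}},
    "MyDB3": {"Type": "AWS::RDS::DBInstance",
              "Properties": {"DBInstanceClass": "db.t3.small"}},
    "MyDB4": {"Type": "AWS::RDS::DBInstance",
              "Properties": {"CopyTagsToSnapshot": "false"}},
    "MyDB5": {"Type": "AWS::RDS::DBInstance",
              "Properties": {"CopyTagsToSnapshot": {"Ref": "CopyTagsParam"}}},
    "Bucket": {"Type": "AWS::S3::Bucket", "Properties": {}}
  }
}
""")


def classify(value):
    """Return 'enabled', 'disabled', 'missing' or 'unresolved' for a CopyTagsToSnapshot value."""
    if value is None:  # attribute absent or explicitly null
        return "missing"
    if isinstance(value, bool):
        return "enabled" if value else "disabled"
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return "enabled" if value.strip().lower() == "true" else "disabled"
    return "unresolved"  # e.g. {"Ref": ...}; needs parameter values to decide


def find_violations(template):
    """Map logical ID -> reason for every DBInstance that does not have the setting enabled."""
    findings = {}
    for name, res in (template.get("Resources") or {}).items():
        if not isinstance(res, dict) or res.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = res.get("Properties") or {}
        state = classify(props.get("CopyTagsToSnapshot"))
        if state != "enabled":
            findings[name] = state
    return findings


if __name__ == "__main__":
    for name, reason in sorted(find_violations(SAMPLE_TEMPLATE).items()):
        print(f"{name}: CopyTagsToSnapshot {reason}")
```

Resources reported as unresolved need the template's parameter values or defaults to be reviewed before they can be cleared.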

Run Rule Recommendation

  1. Sign in to the AWS console.
  2. In the console, select the region for which the alert was generated from the region drop-down in the top right corner.
  3. Navigate to the Amazon RDS console.
  4. Choose Instances, and then select the reported DB instance.
  5. From the 'Instance Actions' drop-down list, choose 'Modify'.
  6. In the 'Backup' section, for 'Copy tags to snapshots', select 'Yes'.
  7. Click 'Continue'.
  8. On the 'Summary of Modifications' panel, review the configuration changes. In the 'Scheduling of Modifications' section, select whether to 'Apply immediately' or 'Apply during the next scheduled maintenance window'.
  9. On the confirmation page, review the changes and click 'Modify DB Instance' to save your changes.
