feat(cloud): add the DeletionProtection attribute to the RDS Cluster #1443
I see. Thanks for the PR. Would you also mind creating a new Rego Rule for the clusters too? It would be similar to this rule we have for instances: https://github.com/aquasecurity/defsec/blob/master/rules/cloud/policies/aws/rds/enable_deletion_protection.rego - I think it could be beneficial for other users too.
Left a comment, and you would also need to run make schema and commit the changes to pass the tests.
I appreciate your warm dealing. Are these processes correct?
# METADATA | ||
# title: "RDS Deletion Protection Disabled" | ||
# description: "Ensure deletion protection is enabled for RDS database instances." |
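Review bot: the "# title:" line does not say which resource the rule covers, and the "# description:" line names RDS database instances while this PR is about the RDS Cluster. Name clusters in both the title and the description so that findings from this rule can be told apart from those of the instance rule.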
This should be changed to adapt for clusters instead of instances.
Fixes aquasecurity/trivy#5112
motivation
I want to avert some human mistakes in the RDS Cluster, but I can't detect them now.
(Now, I can only detect the RDS instance's deletionProtection.)
For example, the code below is not working as intended.
So, I would like to add the DeletionProtection attribute to the RDS Cluster.