- terrascan version: v1.16.0
- Operating System: Linux
Description
Hello, we have terrascan in our project and we noticed the first time we used terrascan version v1.16.0, we got a high finding for AC_AWS_0052 on a PostgreSQL read replica instance of ours:
```json
{
  "rule_name": "rdsBackupDisabled",
  "description": "Ensure automated backups are enabled for AWS RDS instances",
  "rule_id": "AC_AWS_0052",
  "severity": "HIGH",
  "category": "Data Protection",
  "resource_name": "read-replica",
  "resource_type": "aws_db_instance",
  "file": "main.tf",
  "line": 40
}
```
We see that v1.16.0 contains the following in the change log, which introduces AC_AWS_0052: e289cc6 Update RDS Policies (#1424)
Doing some digging, per AWS documentation for RDS - Working with Read Replicas, there's a grid about 20% down the page showing different DBs and for PostgreSQL it answers that automatic backups for read replicas are not supported:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html

From what we could gather, this appears to be a false positive for our project since we have PostgreSQL and AWS confirms this isn't supported for it.
We are skipping this rule for now on our end, but is there a way the logic could be updated to only target particular DBs that truly have the support for automatic backups on read replicas?
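
The engine-aware exemption requested above, sketched as an added example that is not part of the original report and is not terrascan's Rego policy. It assumes a simplified, constructed resource map in which `replicate_source_db` holds the source's resource name, treats a missing `backup_retention_period` as 0, and lists only PostgreSQL as exempt because that is the engine the report cites.

```python
# Added illustration, not terrascan code. Resource dicts are a simplified,
# constructed stand-in for parsed aws_db_instance blocks.

# Assumption: engines whose read replicas cannot have automated backups.
# Only PostgreSQL is listed, as cited in the report above.
ENGINES_WITHOUT_REPLICA_BACKUPS = {"postgres"}


def resolve_engine(name, resources, _seen=None):
    """Return an instance's engine, following replicate_source_db when the
    replica block does not declare an engine itself."""
    seen = set() if _seen is None else _seen
    res = resources.get(name)
    if res is None or name in seen:
        return None  # source outside this config, or a reference cycle
    seen.add(name)
    if res.get("engine"):
        return res["engine"].lower()
    source = res.get("replicate_source_db")
    return resolve_engine(source, resources, seen) if source else None


def backup_disabled_findings(resources):
    """Names of instances that should still be reported for disabled backups."""
    findings = []
    for name, res in resources.items():
        # Assumption: a missing retention period counts as 0 (backups off).
        if res.get("backup_retention_period", 0) > 0:
            continue
        is_replica = bool(res.get("replicate_source_db"))
        engine = resolve_engine(name, resources)
        # Exempt only replicas whose engine is known to lack the feature.
        # An unresolved engine stays flagged, so the check fails closed.
        if is_replica and engine in ENGINES_WITHOUT_REPLICA_BACKUPS:
            continue
        findings.append(name)
    return sorted(findings)


# Constructed sample input.
SAMPLE = {
    "primary": {"engine": "postgres", "backup_retention_period": 0},
    "read-replica": {"replicate_source_db": "primary"},
    "mysql-primary": {"engine": "mysql", "backup_retention_period": 7},
    "mysql-replica": {"replicate_source_db": "mysql-primary"},
}

if __name__ == "__main__":
    print(backup_disabled_findings(SAMPLE))
```

The PostgreSQL primary with backups off is still reported, so the exemption does not hide a real gap on the source instance.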