Add policy pack: Enforce Automated Backup Retention Period for AWS RDS DB Instances #949
Conversation
rajlearner17
changed the title
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new Turbot policy pack to enforce a minimum automated backup retention period on AWS RDS DB instances.
Key changes:
- Defined Terraform variables and provider configuration for the new policy pack.
- Created policy settings resources to check/enforce retention period and retention days.
- Added a README with usage instructions and examples.
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| variables.tf | Introduce test_resource_id variable (commented default) |
| providers.tf | Configure the Turbot provider requirement |
| policies.tf | Add two turbot_policy_setting resources for backup retention |
| main.tf | Define turbot_policy_pack and a conditional attachment resource |
| README.md | Document usage, testing instructions, and enforcement guidance |
Comments suppressed due to low confidence (1)
policy_packs/aws/rds/enforce_backup_retention_period_for_db_instances/main.tf:7
- [nitpick] The comment instructs to uncomment the attachment block, but the
turbot_policy_pack_attachmentresource is already active (viacount). Either comment out the block by default or update the instruction to reflect the current conditional setup.
# To test this policy pack by attaching it to a specific resource, uncomment the block below and provide a valid resource ID.
| variable "test_resource_id" { | ||
| description = "The Turbot resource ID to attach the policy pack to for testing." | ||
| type = string | ||
| # default = "1234567891234567" |
There was a problem hiding this comment.
The test_resource_id variable has no default, making it required on every run. Consider uncommenting or adding default = "" so that the test attachment block is optional without forcing a value.
| # default = "1234567891234567" | |
| default = "" |
Copilot uses AI. Check for mistakes.
| resource "turbot_policy_setting" "backup_retention_days" { | ||
| resource = turbot_policy_pack.enforce_backup_retention_period_for_db_instances.id | ||
| type = "tmod:@turbot/aws-rds#/policy/types/dbInstanceBackupRetentionPeriodDays" | ||
| value = 7 |
There was a problem hiding this comment.
[nitpick] The retention days value is hardcoded to 7. It would be more flexible to introduce a variable (e.g., min_backup_retention_days) so this can be adjusted without code changes.
Copilot uses AI. Check for mistakes.
| terraform apply -var="test_resource_id=358605999151417" | ||
| terraform destroy -var="test_resource_id=358605999151417" | ||
| ``` | ||
| **NOTE** This is commented out by default and can be used based in need. |
There was a problem hiding this comment.
Minor grammar: consider changing based in need to as needed for clarity.
| **NOTE** This is commented out by default and can be used based in need. | |
| **NOTE** This is commented out by default and can be used as needed. |
Copilot uses AI. Check for mistakes.
No description provided.