Read replicas don't need backup period (#3171)

src/cfnlint/rules/resources/RetentionPeriodOnResourceTypesWithAutoExpiringContent.py

@@ -66,8 +66,15 @@ def match(self, cfn):
                 {
                     "Attribute": "BackupRetentionPeriod",
                     "SourceUrl": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-backupretentionperiod",
-                    "CheckAttribute": "Engine",
-                    "CheckAttributeRegex": re.compile("^((?!aurora).)*$"),
+                    "Checks": [
+                        {
+                            "CheckAttribute": "Engine",
+                            "CheckAttributeRegex": re.compile("aurora.*"),
+                        },
+                        {
+                            "CheckAttributeNotSet": "SourceDBInstanceIdentifier",
+                        },
+                    ],
                 }
             ],
             "AWS::RDS::DBCluster": [
@@ -94,14 +101,20 @@ def match(self, cfn):
                             value = property_set.get(attr_def.get("Attribute"))
                             if not value:
                                 message = f'The default retention period will delete the data after a pre-defined time. Set an explicit values to avoid data loss on resource : {"/".join(str(x) for x in error_path)}'
-                                if attr_def.get("CheckAttribute"):
-                                    if self._validate_property(
-                                        property_set.get(
-                                            attr_def.get("CheckAttribute")
-                                        ),
-                                        attr_def.get("CheckAttributeRegex"),
-                                    ):
-                                        matches.append(RuleMatch(error_path, message))
+                                for check in attr_def.get("Checks", []):
+                                    if "CheckAttribute" in check:
+                                        if self._validate_property(
+                                            property_set.get(
+                                                check.get("CheckAttribute")
+                                            ),
+                                            check.get("CheckAttributeRegex"),
+                                        ):
+                                            break
+                                    if "CheckAttributeNotSet" in check:
+                                        if property_set.get(
+                                            check.get("CheckAttributeNotSet")
+                                        ):
+                                            break
                                 else:
                                     matches.append(RuleMatch(error_path, message))
                             if isinstance(value, dict):

test/fixtures/templates/good/resources/rds/retention_period.yaml

@@ -18,4 +18,24 @@ Resources:
       PerformanceInsightsKMSKeyId: !Ref KmsKey
       PerformanceInsightsRetentionPeriod: 7
       PubliclyAccessible: false
+  ReadReplica:
+    Type: AWS::RDS::DBInstance
+    DeletionPolicy: Retain
+    UpdateReplacePolicy: Retain
+    Properties:
+      AllowMajorVersionUpgrade: false
+      AutoMinorVersionUpgrade: !Ref AutoMinorVersionUpgrade
+      DBClusterIdentifier: !Ref AuroraCluster
+      DBInstanceClass: !Ref InstanceClass
+      DBInstanceIdentifier: "MyAuroraInstance"
+      DBParameterGroupName: !Ref ParamGroup
+      DBSubnetGroupName: !Ref SubnetGroup
+      DeleteAutomatedBackups: !Ref DeleteAutomatedBackups
+      EnablePerformanceInsights: !Ref EnablePerformanceInsights
+      Engine: mysql
+      SourceDBInstanceIdentifier: SourceDb   # marks a read replica and doesn't need backups
+      EngineVersion: !Ref EngineVersion
+      PerformanceInsightsKMSKeyId: !Ref KmsKey
+      PerformanceInsightsRetentionPeriod: 7
+      PubliclyAccessible: false