diff --git a/src/cfnlint/rules/resources/RetentionPeriodOnResourceTypesWithAutoExpiringContent.py b/src/cfnlint/rules/resources/RetentionPeriodOnResourceTypesWithAutoExpiringContent.py
index c7f65c9c12..1025390ba2 100644
--- a/src/cfnlint/rules/resources/RetentionPeriodOnResourceTypesWithAutoExpiringContent.py
+++ b/src/cfnlint/rules/resources/RetentionPeriodOnResourceTypesWithAutoExpiringContent.py
@@ -66,8 +66,15 @@ def match(self, cfn):
 {
 "Attribute": "BackupRetentionPeriod",
 "SourceUrl": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-backupretentionperiod",
- "CheckAttribute": "Engine",
- "CheckAttributeRegex": re.compile("^((?!aurora).)*$"),
+ "Checks": [
+ {
+ "CheckAttribute": "Engine",
+ "CheckAttributeRegex": re.compile("aurora.*"),
+ },
+ {
+ "CheckAttributeNotSet": "SourceDBInstanceIdentifier",
+ },
+ ],
 }
 ],
 "AWS::RDS::DBCluster": [
@@ -94,14 +101,20 @@ def match(self, cfn):
 value = property_set.get(attr_def.get("Attribute"))
 if not value:
 message = f'The default retention period will delete the data after a pre-defined time. Set an explicit values to avoid data loss on resource : {"/".join(str(x) for x in error_path)}'
- if attr_def.get("CheckAttribute"):
- if self._validate_property(
- property_set.get(
- attr_def.get("CheckAttribute")
- ),
- attr_def.get("CheckAttributeRegex"),
- ):
- matches.append(RuleMatch(error_path, message))
+ for check in attr_def.get("Checks", []):
+ if "CheckAttribute" in check:
+ if self._validate_property(
+ property_set.get(
+ check.get("CheckAttribute")
+ ),
+ check.get("CheckAttributeRegex"),
+ ):
+ break
+ if "CheckAttributeNotSet" in check:
+ if property_set.get(
+ check.get("CheckAttributeNotSet")
+ ):
+ break
 else:
 matches.append(RuleMatch(error_path, message))
 if isinstance(value, dict):
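Review bot: The two entries under `"Checks"` have opposite polarity, which makes the table easy to misread: the `Engine` regex exempts the resource when it matches, while `"CheckAttributeNotSet"` exempts it when the named property is set. A comment above the list would state the contract, for example `# A resource is exempt as soon as any check trips: an Aurora engine, or a read replica (SourceDBInstanceIdentifier set)`. The pattern also changed from a lookahead that rejected `aurora` anywhere in the value to `aurora.*`. If `_validate_property` (outside this hunk) uses `match`, the trailing `.*` adds nothing; if it uses `search`, any engine value that merely contains `aurora` is exempted. `re.compile("^aurora")` would state the intent either way, and an exemption that is too broad means a missing `BackupRetentionPeriod` goes unreported.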
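Review bot: The `CheckAttributeNotSet` branch tests `property_set.get(...)` for truthiness, so any non-empty value of `SourceDBInstanceIdentifier` suppresses the finding. That would include an `Fn::If` whose other branch is `AWS::NoValue`, so an instance that is only conditionally a read replica would never be reported for a missing `BackupRetentionPeriod`. Whether `property_set` has already been resolved per condition scenario is not visible here, as the loop that produces it lies outside the hunk, so this needs confirming against that code. Separately, the trailing `else:` now appears to bind to the `for` loop rather than to an `if`, which is easy to misread; a comment such as `# for/else: report only when no check exempted the resource` would make that explicit.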
diff --git a/test/fixtures/templates/good/resources/rds/retention_period.yaml b/test/fixtures/templates/good/resources/rds/retention_period.yaml index b239763086..9235db370d 100644 --- a/test/fixtures/templates/good/resources/rds/retention_period.yaml +++ b/test/fixtures/templates/good/resources/rds/retention_period.yaml @@ -18,4 +18,24 @@ Resources: PerformanceInsightsKMSKeyId: !Ref KmsKey PerformanceInsightsRetentionPeriod: 7 PubliclyAccessible: false + ReadReplica: + Type: AWS::RDS::DBInstance + DeletionPolicy: Retain + UpdateReplacePolicy: Retain + Properties: + AllowMajorVersionUpgrade: false + AutoMinorVersionUpgrade: !Ref AutoMinorVersionUpgrade + DBClusterIdentifier: !Ref AuroraCluster + DBInstanceClass: !Ref InstanceClass + DBInstanceIdentifier: "MyAuroraInstance" + DBParameterGroupName: !Ref ParamGroup + DBSubnetGroupName: !Ref SubnetGroup + DeleteAutomatedBackups: !Ref DeleteAutomatedBackups + EnablePerformanceInsights: !Ref EnablePerformanceInsights + Engine: mysql + SourceDBInstanceIdentifier: SourceDb # marks a read replica and doesn't need backups + EngineVersion: !Ref EngineVersion + PerformanceInsightsKMSKeyId: !Ref KmsKey + PerformanceInsightsRetentionPeriod: 7 + PubliclyAccessible: false \ No newline at end of file
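Review bot: The new `ReadReplica` fixture sets `Engine: mysql`, so it never exercises a replica that omits `Engine`. In that case `property_set.get("Engine")` would presumably hand `None` to `_validate_property` before the `SourceDBInstanceIdentifier` check runs. `_validate_property` is not visible in this diff, so a second replica resource without `Engine` would show whether that path is handled or raises. The fixture also combines `DBClusterIdentifier: !Ref AuroraCluster` and `DBInstanceIdentifier: "MyAuroraInstance"` with a non-Aurora engine. Dropping the cluster reference and renaming the identifier would make it clear that the exemption comes from `SourceDBInstanceIdentifier` alone.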