prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0
10.76k stars 1.53k forks

feat(aws): Add new check to ensure RDS db clusters copy tags to snapshots #4846

Closed danibarranqueroo closed 2 months ago

danibarranqueroo commented 2 months ago

Context

This new check ensures that Amazon RDS DB clusters are configured to automatically copy all tags to their snapshots upon creation. Tagging snapshots consistently with their parent DB clusters improves asset identification and inventory management, facilitating effective governance and security oversight.

Description

Added rds_cluster_copy_tags_to_snapshots check with its unit test.

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
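The logic such a check needs, as an added example rather than the code from this pull request: it evaluates the `CopyTagsToSnapshot` flag on each entry of an RDS `describe_db_clusters` response. The function names, the finding fields and the sample clusters are assumptions constructed for illustration.

```python
from __future__ import annotations
from typing import Iterable


def evaluate_clusters(clusters: Iterable[dict]) -> list[dict]:
    """Return one finding per DB cluster based on its CopyTagsToSnapshot flag."""
    findings = []
    for cluster in clusters:
        # A missing key counts as "not enabled", so an incomplete
        # API response can never produce a false PASS.
        enabled = cluster.get("CopyTagsToSnapshot") is True
        tag_keys = sorted(t["Key"] for t in cluster.get("TagList", []))
        findings.append({
            "resource_id": cluster["DBClusterIdentifier"],
            "resource_arn": cluster.get("DBClusterArn", ""),
            "status": "PASS" if enabled else "FAIL",
            # Tags that new snapshots of a failing cluster will not inherit.
            "tags_not_copied": [] if enabled else tag_keys,
        })
    return findings


def scan_region(region: str) -> list[dict]:
    """Collect every DB cluster in one region and evaluate it (needs AWS credentials)."""
    import boto3  # imported lazily so evaluate_clusters() runs offline

    rds = boto3.client("rds", region_name=region)
    clusters = []
    for page in rds.get_paginator("describe_db_clusters").paginate():
        clusters.extend(page["DBClusters"])
    return evaluate_clusters(clusters)


# Constructed sample in the shape of a describe_db_clusters response.
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "orders-prod", "CopyTagsToSnapshot": True,
     "DBClusterArn": "arn:aws:rds:eu-west-1:111122223333:cluster:orders-prod",
     "TagList": [{"Key": "owner", "Value": "payments"}]},
    {"DBClusterIdentifier": "billing-prod", "CopyTagsToSnapshot": False,
     "DBClusterArn": "arn:aws:rds:eu-west-1:111122223333:cluster:billing-prod",
     "TagList": [{"Key": "owner", "Value": "finance"},
                 {"Key": "data-class", "Value": "pci"}]},
    {"DBClusterIdentifier": "legacy-dev"},  # flag absent from the response
]

if __name__ == "__main__":
    for finding in evaluate_clusters(SAMPLE_CLUSTERS):
        print(finding["status"], finding["resource_id"], finding["tags_not_copied"])
```
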

codecov[bot] commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 89.16%. Comparing base (c2552ee) to head (1153069). Report is 6 commits behind head on master.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master    #4846      +/-   ##
==========================================
- Coverage   89.16%   89.16%   -0.01%
==========================================
  Files         933      934       +1
  Lines       28567    28585      +18
==========================================
+ Hits        25473    25488      +15
- Misses       3094     3097       +3
```
