Update aws_efs_files_have_backup_with_lifecyclepolicy_above_35_days.yaml

acx1729 · web-flow · commit f2421e68865b · 2025-02-03T13:36:05.000-05:00
diff --git a/compliance/controls/baseline/aws/backup/aws_efs_files_have_backup_with_lifecyclepolicy_above_35_days.yaml b/compliance/controls/baseline/aws/backup/aws_efs_files_have_backup_with_lifecyclepolicy_above_35_days.yaml
@@ -1,5 +1,5 @@
 id: aws_efs_files_have_backup_with_lifecyclepolicy_above_35_days
-title: EFS Filesystems have Backup Retention > 35 Days
+title: Production EFS Filesystem Backups: Minimum Retention of 35 Days
 type: control
 description: Ensure all EFS files are covered by a backup plan with a minimum of Life Cycle Policy 35 days
 integration_type:
@@ -16,12 +16,12 @@ policy:
       FROM
         aws_backup_recovery_point
       WHERE
-        now() - creation_date < '35 days'::interval
-        AND (lifecycle ->> 'DeleteAfterDays')::INT >= 35
+        -- Use the parameter for the 'days' value
+        now() - creation_date < '{{.fileSystemRetentionDays}} days'::interval
+        AND (lifecycle ->> 'DeleteAfterDays')::INT >= {{.fileSystemRetentionDays}}
         AND resource_type = 'EFS'
         AND status = 'COMPLETED'
     )
-    
     SELECT
       f.arn AS resource,
       platform_integration_id AS platform_integration_id,
@@ -31,11 +31,11 @@ policy:
         ELSE 'ok'
       END AS status,
       CASE
-        WHEN p.recovery_point_arn IS NULL THEN 'lacks a backup configuration with a minimum of 35 days'
+        WHEN p.recovery_point_arn IS NULL THEN 'lacks a backup configuration with a minimum of {{.fileSystemRetentionDays}} days'
         ELSE ''
       END AS reason,
       region,
-      account_id 
+      account_id
     FROM
       aws_efs_file_system AS f
     LEFT JOIN
