This rule ensures that EBS volumes are included in a backup plan.
Rule | EBS volumes should be in a backup plan |
Framework | CISA-cyber-essentials |
Severity | High |
Rule Description:
EBS volumes should be included in a backup plan as part of CISA Cyber Essentials. This rule aims to ensure that all Elastic Block Store (EBS) volumes in an AWS environment are regularly backed up to prevent data loss in the event of a failure or disaster. By including EBS volumes in the backup plan, organizations can meet the requirements of CISA Cyber Essentials regarding data protection and recovery.
Troubleshooting Steps:
If issues or errors are encountered while backing up EBS volumes, follow these troubleshooting steps:
Verify IAM Roles: Ensure that the IAM role used by whatever takes the backup has the permissions it needs. For AWS Backup this is the service role named in the backup selection (for example the AWSBackupDefaultServiceRole, which carries the AWSBackupServiceRolePolicyForBackup and AWSBackupServiceRolePolicyForRestores managed policies). For custom snapshot automation it is the role the script runs under, which needs at least ec2:CreateSnapshot, ec2:CreateTags, ec2:DescribeVolumes, ec2:DescribeSnapshots and ec2:DeleteSnapshot. The instance profile attached to an EC2 instance is only relevant if snapshots are created from inside the instance.
Check Volume State: Confirm that the volume is in a healthy state. Both in-use (attached) and available (unattached) volumes can be snapshotted; a volume in the error state, or one whose volume status checks report it as impaired, should be investigated before it is backed up. Also remember that a snapshot taken while the volume is being written is crash-consistent at best; quiesce the application or file system first if you need an application-consistent backup.
Verify Backup Policy: Check the backup policy or schedule to ensure it is correctly configured. Make sure that the backup frequency and retention periods align with the organization's requirements and comply with CISA Cyber Essentials.
Verify Retention and Cost: EBS snapshots are stored by the service in Amazon S3, but you do not provision or manage that storage, so a backup cannot fail for lack of space. What does grow without bound is cost: snapshots are incremental, but every retained snapshot keeps its unique blocks billable. Make sure the lifecycle rules (AWS Backup lifecycle settings or Data Lifecycle Manager retention) actually expire old recovery points instead of letting them accumulate, and delete snapshots that no longer serve a recovery purpose.
Check Service Quotas: Snapshot creation is quota-limited, both per region and in the number of pending snapshots a single volume may have at once. If backup jobs fail with a quota or limit error, check the EBS quotas in the Service Quotas console and request an increase there.
Monitor Logging and Notifications: Enable notifications for backup job state changes (backup vault notifications to an SNS topic, or an EventBridge rule on AWS Backup's Backup Job State Change event) and review the backup job list for jobs in the FAILED or EXPIRED state. A backup plan that silently stops producing recovery points is indistinguishable from no plan at all when a restore is needed.
Code Snippets:
$ aws ec2 create-snapshot --volume-id <volume-id> --description "Backup snapshot"
A one-off snapshot like the one above is a point-in-time copy and does not by itself satisfy this rule, which expects the volume to be covered by a recurring plan. AWS Backup is a fully managed backup service that simplifies the creation, migration, restoration, and deletion of backups. Set up an automated backup plan for EBS volumes using the AWS Backup console or AWS CLI.
Remediation Steps:
Follow these steps to ensure EBS volumes are included in the backup plan:
Identify Target Volumes: Determine which Elastic Block Store (EBS) volumes need to be included in the backup plan. Consider the criticality and importance of data stored on each volume.
Configure Backup Frequency: Decide on an appropriate backup frequency based on the organization's recovery point objective (RPO): the interval between backups is the most data you can lose. Common frequencies include daily, weekly, or monthly backups; hourly is possible where the RPO demands it.
Define Retention Period: Determine the retention period based on how far back you may need to restore (for example to recover from a corruption or ransomware event discovered late) and on compliance requirements, such as CISA Cyber Essentials. Retention periods can range from days to years. The recovery time objective (RTO) does not drive retention; it drives the restore procedure and how often you rehearse it.
Implement Backup Automation: Utilize AWS Backup or other backup management tools to automate the backup process. Configure a backup policy, specifying the desired backup frequency and retention period.
Verify Backup Status: Regularly monitor the backup process to ensure it runs successfully without any errors. Review backup logs and notifications for any issues.
Test Data Recovery: Periodically test data recovery from the backed-up EBS volumes to ensure the backups are functional and can be successfully restored if needed.
By following these steps, EBS volumes will be included in the backup plan, helping to meet the requirements of CISA Cyber Essentials and ensuring data protection and recovery capabilities.
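The procedure above in working code, as an added example that is not part of the original page: a check that lists EBS volumes without a recovery point (the evidence that they are actually being backed up), a check for volumes a tag-based selection would miss, and the two JSON documents you pass to `aws backup create-backup-plan` and `aws backup create-backup-selection`. The volume IDs, account ID, region and role ARN are constructed placeholders; the input dictionaries mirror the shape of `aws ec2 describe-volumes` and `aws backup list-protected-resources` output, so you can feed real JSON from those commands into the same functions. Note that `list-protected-resources` only reports resources that already have at least one recovery point, so a volume added to a plan minutes ago will still show as unprotected until its first job completes.

```python
import json

# --- Constructed sample input (placeholder IDs, not real account data) -------
# Shape of `aws ec2 describe-volumes --output json`, trimmed to the fields used.
DESCRIBE_VOLUMES = {
    "Volumes": [
        {"VolumeId": "vol-0a1b2c3d4e5f60001", "State": "in-use",
         "Tags": [{"Key": "backup", "Value": "daily"}]},
        {"VolumeId": "vol-0a1b2c3d4e5f60002", "State": "available", "Tags": []},
        {"VolumeId": "vol-0a1b2c3d4e5f60003", "State": "in-use",
         "Tags": [{"Key": "Name", "Value": "scratch"}]},
    ]
}

# Shape of `aws backup list-protected-resources --output json`: resources that
# have at least one recovery point in a backup vault.
PROTECTED_RESOURCES = {
    "Results": [
        {"ResourceArn": "arn:aws:ec2:us-east-1:123456789012:volume/vol-0a1b2c3d4e5f60001",
         "ResourceType": "EBS"},
    ]
}

# Placeholder account and role values (assumptions for this example).
ACCOUNT_ID = "123456789012"
BACKUP_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/service-role/AWSBackupDefaultServiceRole"


def protected_volume_ids(protected):
    """Volume IDs that AWS Backup reports as having a recovery point."""
    return {
        r["ResourceArn"].rsplit("/", 1)[-1]
        for r in protected.get("Results", [])
        if r.get("ResourceType") == "EBS"
    }


def unprotected_volumes(describe, protected):
    """Rule check: volumes with no recovery point, i.e. not demonstrably backed up."""
    covered = protected_volume_ids(protected)
    return sorted(v["VolumeId"] for v in describe["Volumes"] if v["VolumeId"] not in covered)


def has_tag(volume, key, value):
    return any(t["Key"] == key and t["Value"] == value for t in volume.get("Tags", []))


def volumes_missing_tag(describe, key, value):
    """Volumes a tag-based backup selection would NOT pick up; these need tagging."""
    return sorted(v["VolumeId"] for v in describe["Volumes"] if not has_tag(v, key, value))


def backup_plan(plan_name, vault_name, schedule_expression, retention_days):
    """Document for `aws backup create-backup-plan --backup-plan file://plan.json`."""
    return {
        "BackupPlanName": plan_name,
        "Rules": [{
            "RuleName": f"{plan_name}-rule",
            "TargetBackupVaultName": vault_name,
            "ScheduleExpression": schedule_expression,  # AWS cron syntax; sets the RPO
            "StartWindowMinutes": 60,
            "CompletionWindowMinutes": 180,
            "Lifecycle": {"DeleteAfterDays": retention_days},  # retention, expired automatically
        }],
    }


def backup_selection(selection_name, role_arn, tag_key, tag_value):
    """Document for `aws backup create-backup-selection --backup-plan-id <id>
    --backup-selection file://selection.json`; picks every resource carrying the tag."""
    return {
        "SelectionName": selection_name,
        "IamRoleArn": role_arn,
        "ListOfTags": [{
            "ConditionType": "STRINGEQUALS",
            "ConditionKey": tag_key,
            "ConditionValue": tag_value,
        }],
    }


if __name__ == "__main__":
    print("Volumes with no recovery point:",
          unprotected_volumes(DESCRIBE_VOLUMES, PROTECTED_RESOURCES))
    print("Volumes the selection will miss until tagged backup=daily:",
          volumes_missing_tag(DESCRIBE_VOLUMES, "backup", "daily"))
    print(json.dumps(backup_plan("ebs-daily", "Default", "cron(0 5 ? * * *)", 35), indent=2))
    print(json.dumps(backup_selection("ebs-tagged", BACKUP_ROLE_ARN, "backup", "daily"), indent=2))
```

A tag-based selection is used deliberately: it makes "is this volume in the backup plan?" a property of the volume itself, so the second check tells you exactly which volumes to tag to close the finding, and new volumes created with the tag are covered without touching the plan. The plan's `DeleteAfterDays` is what keeps snapshot cost bounded; without a lifecycle, recovery points accumulate until someone deletes them by hand.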