This rule ensures RDS DB instance backup is enabled for data protection.
| Rule | RDS DB instance backup should be enabled |
| Framework | CISA-cyber-essentials |
| Severity | ✔ Medium |
Rule Description: RDS DB instance backup should be enabled for CISA-cyber-essentials
Description:
Enabling regular backups for RDS (Relational Database Service) instances is an important security practice, especially for compliance with the CISA Cyber Essentials framework. RDS backups provide an additional layer of protection for critical data by allowing you to restore your database to a specific point in time in case of accidental data loss, user errors, or system failures.
Troubleshooting Steps:
Remediation Steps:
To enable backups for an RDS DB instance, follow these steps:
AWS Management Console:
AWS CLI:
Use the describe-db-instances command to list all the RDS instances:
aws rds describe-db-instances
Use the modify-db-instance command to enable automated backups and set the retention period:
aws rds modify-db-instance --db-instance-identifier <DB_INSTANCE_IDENTIFIER> --backup-retention-period <RETENTION_PERIOD>
Replace <DB_INSTANCE_IDENTIFIER> with the identifier of the DB instance, and <RETENTION_PERIOD> with the desired number of days for retention (e.g., 7 for a 7-day retention period).
aws rds describe-db-instances --db-instance-identifier <DB_INSTANCE_IDENTIFIER>
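An added example, not part of the original rule page: a Python check that reads saved `aws rds describe-db-instances` JSON output, flags instances whose `BackupRetentionPeriod` is 0 (automated backups disabled), and builds the matching `modify-db-instance` command from the steps above. The sample data, the function name `audit_backups`, and the `min_days` threshold (which goes beyond the rule's "enabled" check) are assumptions made for illustration.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` JSON output,
# trimmed to the fields used here. All identifiers are made up.
SAMPLE_OUTPUT = """
{
  "DBInstances": [
    {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres", "BackupRetentionPeriod": 7},
    {"DBInstanceIdentifier": "legacy-reports", "Engine": "mysql", "BackupRetentionPeriod": 0},
    {"DBInstanceIdentifier": "staging-db", "Engine": "mysql", "BackupRetentionPeriod": 1},
    {"DBInstanceIdentifier": "no-field", "Engine": "mariadb"}
  ]
}
"""


def audit_backups(describe_json, min_days=7):
    """Return (findings, commands) for the instances in describe_json.

    findings: (identifier, status, retention_days) per instance.
    commands: one modify-db-instance command per non-compliant instance.
    min_days is an assumed policy value; RDS accepts 1 to 35 for enabled backups.
    """
    if not 1 <= min_days <= 35:
        raise ValueError("min_days must be between 1 and 35")
    findings, commands = [], []
    for inst in json.loads(describe_json).get("DBInstances", []):
        name = inst["DBInstanceIdentifier"]
        days = inst.get("BackupRetentionPeriod")
        if days is None:
            # Incomplete record: report it, but do not generate a change.
            findings.append((name, "UNKNOWN", None))
            continue
        status = "DISABLED" if days == 0 else "TOO_SHORT" if days < min_days else "OK"
        findings.append((name, status, days))
        if status != "OK":
            commands.append(
                "aws rds modify-db-instance --db-instance-identifier "
                f"{shlex.quote(name)} --backup-retention-period {min_days}"
            )
    return findings, commands


if __name__ == "__main__":
    results, fixes = audit_backups(SAMPLE_OUTPUT)
    for name, status, days in results:
        print(f"{status:9} {name} (retention={days})")
    print("\n".join(fixes))
```

To run it against a real account, save the output of `aws rds describe-db-instances` to a file and pass the file's contents in place of `SAMPLE_OUTPUT`.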
Additional Notes: