Enable RDS DB Instance Backup Rule

This rule ensures RDS DB instance backup is enabled for data protection.

Rule: RDS DB instance backup should be enabled
Framework: CISA-cyber-essentials
Severity: Medium

Rule Description: RDS DB instance backup should be enabled for CISA-cyber-essentials

Description:

Enabling regular backups for RDS (Relational Database Service) instances is an important security practice, especially for compliance with the CISA Cyber Essentials framework. RDS backups provide an additional layer of protection for critical data by allowing you to restore your database to a specific point in time in case of accidental data loss, user errors, or system failures.

Troubleshooting Steps:

  1. Verify if the RDS instance has backup enabled by checking the DB instance details in the AWS Management Console or using AWS CLI commands.
  2. If backups are not enabled, follow the remediation steps below to enable them.

Remediation Steps:

To enable backups for an RDS DB instance, follow these steps:

AWS Management Console:

  1. Sign in to the AWS Management Console and open the Amazon RDS service.
  2. Navigate to the "Instances" page.
  3. Select the desired DB instance.
  4. Click on the "Actions" dropdown menu and choose "Modify".
  5. In the "Backup" section, ensure that the "Automated backups" option is selected.
  6. Set a suitable retention period for backups (at least seven days is recommended).
  7. Click "Apply immediately" to make the changes effective immediately.
  8. Review the changes and click "Modify DB instance" to enable backups for the RDS DB instance.

AWS CLI:

  1. Use the describe-db-instances command to list all the RDS instances:

     aws rds describe-db-instances

  2. Identify the DB instance for which backups need to be enabled.
  3. Use the modify-db-instance command to enable automated backups and set the retention period:

     aws rds modify-db-instance --db-instance-identifier <DB_INSTANCE_IDENTIFIER> --backup-retention-period <RETENTION_PERIOD>

     Replace <DB_INSTANCE_IDENTIFIER> with the identifier of the DB instance, and <RETENTION_PERIOD> with the desired number of days for retention (e.g., 7 for a 7-day retention period).
  4. Verify the changes by describing the modified DB instance:

     aws rds describe-db-instances --db-instance-identifier <DB_INSTANCE_IDENTIFIER>
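
The verification and CLI steps above can be run across a whole account by parsing the JSON that describe-db-instances prints. The following is an added example, not CloudDefense or AWS code: the function name audit_backups and the sample instance names are assumptions, and it goes one step beyond the page by routing Aurora cluster members to a cluster-level fix, since their retention is set on the DB cluster.

```python
import json
import shlex
import sys

MIN_RETENTION_DAYS = 7  # minimum retention the page recommends


def audit_backups(describe_output, min_days=MIN_RETENTION_DAYS):
    """Flag instances whose automated backups are off or kept too briefly.
    describe_output: parsed JSON from `aws rds describe-db-instances`.
    """
    findings = []
    for inst in describe_output.get("DBInstances", []):
        ident = inst["DBInstanceIdentifier"]
        days = inst.get("BackupRetentionPeriod", 0)
        if days >= min_days:
            continue
        # A retention period of 0 means automated backups are disabled.
        issue = "disabled" if days == 0 else "below_minimum"
        cluster = inst.get("DBClusterIdentifier")
        if cluster:
            # Aurora members take their retention from the DB cluster.
            fix = f"set backup retention on DB cluster {cluster}"
        else:
            fix = ("aws rds modify-db-instance --db-instance-identifier "
                   f"{shlex.quote(ident)} --backup-retention-period {min_days}")
        findings.append({"instance": ident, "retention_days": days,
                         "issue": issue, "fix": fix})
    return findings


# Constructed sample shaped like describe-db-instances output (not real data).
SAMPLE = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-db", "BackupRetentionPeriod": 0},
    {"DBInstanceIdentifier": "billing-db", "BackupRetentionPeriod": 3},
    {"DBInstanceIdentifier": "users-db", "BackupRetentionPeriod": 14},
    {"DBInstanceIdentifier": "aurora-1", "BackupRetentionPeriod": 1,
     "DBClusterIdentifier": "aurora-main"},
]}

if __name__ == "__main__":
    # Usage: aws rds describe-db-instances > out.json; python audit.py out.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for f in audit_backups(data):
        print(f"{f['instance']}: {f['issue']} ({f['retention_days']}d) -> {f['fix']}")
```

Run with no argument it reports on the constructed sample; the printed fix lines are suggestions to review, not commands the script executes.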
    

Additional Notes:

  • Enabling RDS backups incurs additional storage costs, so it's important to consider the impact on your overall AWS costs.
  • Regularly test the restoration process from backups to ensure they are functioning as expected.
  • Consider implementing automated backup management using AWS Backup or custom scripts to streamline the backup process and ensure consistency.
