RDS DB Instances in Backup Plan Rule
This rule ensures RDS DB instances are included in a backup plan.
| Rule | RDS DB instances should be in a backup plan |
| Framework | CISA-cyber-essentials |
| Severity | ✔ High |
RDS DB Instance Backup Plan for CISA Cyber Essentials
Rule Description
The rule states that all RDS (Relational Database Service) DB instances should have a backup plan in place to comply with the CISA Cyber Essentials framework. This backup plan ensures that data stored in RDS databases is backed up regularly and can be recovered in case of data loss or system failures.
Troubleshooting Steps (if applicable)
Troubleshooting steps are only necessary if issues arise with the RDS DB instance backup plan. Here are some possible troubleshooting steps:
- 1.Missing or incomplete backups: Check if there are any missing or incomplete backups for the RDS DB instances. Ensure that backups are being performed regularly and all necessary databases are included in the backup plan.
- 2.Backup retention period: Verify the backup retention period for the RDS DB instances. Make sure that backups are retained for the required duration specified in the backup plan.
- 3.Backup storage: Ensure that there is sufficient storage available for the backups. If the storage limit is reached, consider increasing the allocated storage or managing the backup storage more effectively.
- 4.Backup frequency: Review the backup frequency to ensure it aligns with the business requirements and data update frequency. Adjust the backup plan accordingly if necessary.
Necessary Codes (if applicable)
In this case, there are no specific codes to implement. The backup plan and configuration can be managed through the AWS Management Console or AWS Command Line Interface (CLI).
Step-by-Step Guide for Remediation
Follow the steps below to implement or verify a backup plan for RDS DB instances:
- 1.
Identify the RDS DB instances: Identify the RDS DB instances that require a backup plan or review the existing backup plan if available.
- 2.
Configure the backup plan: Access the AWS Management Console or use AWS CLI to configure the backup plan for each RDS DB instance. Specify the desired backup frequency, retention period, and other settings as required.
- 3.
Verify the backup plan: Validate that the backup plan is properly configured. Double-check the backup settings such as frequency and retention period against the requirements of the CISA Cyber Essentials framework.
- 4.
Monitor backups: Regularly monitor the backup status of the RDS DB instances to ensure that backups are performed successfully and no issues are encountered.
- 5.
Test data recovery: Periodically test the data recovery process to ensure that backups are working correctly. This can be done by restoring a backup to a separate environment or performing a test restore of a specific database.
- 6.
Documentation: Document the backup plan configuration and any testing performed for future reference and auditing purposes.
Following these steps will ensure that RDS DB instances have a backup plan in place, aligning with the requirements of the CISA Cyber Essentials framework.