Rule: RDS Aurora Clusters Should Be Protected by Backup Plan
This rule ensures that all RDS Aurora clusters have a backup plan in place.
| Rule | RDS Aurora clusters should be protected by backup plan |
| Framework | CISA-cyber-essentials |
| Severity | ✔ Medium |
Rule Description: RDS Aurora Backup Plan for CISA Cyber Essentials
RDS Aurora clusters should be protected by a backup plan to adhere to the CISA-Cyber Essentials requirements. This rule ensures that regular database backups are in place and can be restored in case of data loss, system failures, or security incidents. Having a reliable backup plan helps mitigate the risk of losing critical data and ensures business continuity.
Troubleshooting Steps:
- 1.
Confirm that the Aurora cluster does not have an existing backup plan in place. You can check this by navigating to the Amazon RDS console, selecting the appropriate Aurora cluster, and reviewing the Backup tab.
- 2.
Ensure that there are sufficient resources allocated to perform backups. Check the available storage space for backups and verify that it is not nearing its limit.
- 3.
Check the backup retention period to ensure it meets the desired recovery point objective (RPO). The RPO determines how far back in time you can restore your database. Adjust the retention period if necessary.
- 4.
Verify that the backup window is scheduled appropriately, allowing sufficient time for backups to complete without impacting regular database operations.
- 5.
Check if there are any backup-related alarms or events indicating issues with the backup process. Review the Amazon CloudWatch alarms and event logs associated with the Aurora cluster.
Necessary Codes:
There are no specific codes associated with this rule. However, you may use the following AWS CLI command to retrieve information about the backup status of an Aurora cluster:
aws rds describe-db-cluster-backup-status --db-cluster-identifier <cluster-identifier> --query 'DBClusterBackups[*].{DBClusterIdentifier:DBClusterIdentifier, Status:Status}'
Step-by-step Guide for Remediation:
- 1.
Login to the AWS Management Console and navigate to the Amazon RDS service.
- 2.
Select the appropriate region from the region selector in the top right corner.
- 3.
Click on "Databases" in the left navigation panel and select the Aurora cluster that needs a backup plan.
- 4.
In the cluster details page, click on the "Backup" tab.
- 5.
Verify the backup retention period. Adjust it as per your desired RPO.
- 6.
Check the backup window and ensure it is scheduled during periods of low database activity.
- 7.
Confirm that the automated backup toggle is enabled to allow automatic backups.
- 8.
Review the available storage space for backups and ensure it is sufficient for your needs.
- 9.
Monitor the backup status regularly to ensure backups are being created successfully.
- 10.
Set up CloudWatch alarms to notify you of any issues with the backup process.
- 11.
If necessary, consider configuring additional backup options such as enabling Multi-AZ deployment for higher availability.
- 12.
Document the backup plan and its configuration for reference and compliance purposes.
By following the above steps, you will ensure that your RDS Aurora cluster is protected by a backup plan complying with the CISA Cyber Essentials requirements, minimizing the risk of data loss and ensuring business continuity.