This rule ensures that RDS database instance backup is enabled to protect data.
| Rule | RDS DB instance backup should be enabled |
| Framework | CISA-cyber-essentials |
| Severity | ✔ Medium |
RDS DB Instance Backup Policy Description
The RDS DB instance backup policy ensures that the CISA Cyber Essentials compliance requirement for enabling database backups for RDS DB instances is met. This policy helps safeguard the critical data stored in RDS databases by ensuring that regular backups are performed.
Troubleshooting Steps (if applicable)
Troubleshooting steps will vary based on the specific issues encountered during the configuration process. However, some common troubleshooting steps for enabling RDS DB instance backups are as follows:
Verify IAM permissions: Ensure that the IAM user or role utilized for enabling backups has appropriate permissions to perform the necessary actions, such as rds:CreateDBSnapshot and rds:ModifyDBInstance.
Check RDS instance status: Confirm that the RDS database instance is in an available state and not undergoing any modifications or maintenance activities.
Review backup settings: Double-check the backup retention period and window to ensure they are set according to the desired policy requirements.
Necessary Codes (if applicable)
In most cases, enabling RDS DB instance backups can be accomplished through the AWS Management Console without requiring any code. However, if automation or scripting is desired, the following AWS CLI command can be used:
aws rds modify-db-instance --db-instance-identifier <db-instance-identifier> --backup-retention-period <days> --apply-immediately
Replace <db-instance-identifier> with the actual identifier of the RDS DB instance and <days> with the desired number of days for the backup retention period.
Step-by-Step Guide for Remediation
Please follow the steps below to ensure RDS DB instance backup is enabled for CISA Cyber Essentials compliance:
Access AWS Management Console: Log in to the AWS Management Console using appropriate credentials.
Navigate to RDS service: Open the RDS service console by clicking on RDS under the "Database" section.
Select the target DB instance: From the list of RDS DB instances, select the target DB instance for which you want to enable backups.
Click on "Actions": In the top navigation bar, click on the "Actions" button.
Choose "Modify": From the dropdown menu, select "Modify".
Enable backups: Scroll down to the "Backup" section of the modify page and ensure that the backup retention period is set to the desired value. If needed, modify the value accordingly.
Apply changes: Check the "Apply immediately" checkbox and click on the "Modify DB Instance" button to apply the changes.
Verify backup configuration: Once the modification is completed, monitor the RDS DB instance status to ensure the changes take effect as expected.
Confirm backup functionality: Validate that automated backups are being performed by checking the "Latest Restorable Time" value in the RDS instance details.
By following the above steps, the RDS DB instance backup will be enabled for CISA Cyber Essentials compliance.
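The checks from the steps above (retention period, instance status, Latest Restorable Time) can also be run across a whole account from the JSON returned by `aws rds describe-db-instances`. The following is an added example, not part of the original page; the sample data, the `audit_backups` helper and its `min_days` threshold are constructed assumptions.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` output;
# the instance names and values are made up for this example.
SAMPLE = json.loads("""
{"DBInstances": [
 {"DBInstanceIdentifier": "orders-db", "DBInstanceStatus": "available",
  "BackupRetentionPeriod": 7, "LatestRestorableTime": "2024-05-01T10:15:00Z"},
 {"DBInstanceIdentifier": "legacy-db", "DBInstanceStatus": "available",
  "BackupRetentionPeriod": 0},
 {"DBInstanceIdentifier": "reports-db", "DBInstanceStatus": "modifying",
  "BackupRetentionPeriod": 0},
 {"DBInstanceIdentifier": "new-db", "DBInstanceStatus": "available",
  "BackupRetentionPeriod": 3}
]}
""")


def audit_backups(response, min_days=1):
    """Return one finding per instance that fails the backup rule.

    min_days is an assumed policy threshold (not from the page); a
    retention period of 0 means automated backups are disabled.
    """
    findings = []
    for db in response.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        days = db.get("BackupRetentionPeriod", 0)
        fix = None
        if days < min_days:
            issue = ("automated backups disabled" if days == 0 else
                     f"retention {days}d below policy minimum {min_days}d")
            # Same CLI call the page gives, filled in for this instance.
            fix = ("aws rds modify-db-instance --db-instance-identifier "
                   f"{shlex.quote(name)} --backup-retention-period "
                   f"{min_days} --apply-immediately")
        elif "LatestRestorableTime" not in db:
            issue = "backups enabled but no Latest Restorable Time yet"
        else:
            continue  # compliant: retention set and a restore point exists
        findings.append({
            "instance": name, "issue": issue, "fix": fix,
            # Troubleshooting step: instance should be 'available' to modify.
            "ready_to_modify": db.get("DBInstanceStatus") == "available",
        })
    return findings
```

Calling `audit_backups(SAMPLE, min_days=7)` reports the three non-compliant sample instances; to audit real instances, pass the parsed JSON output of `aws rds describe-db-instances` instead of `SAMPLE`.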