Rule: EC2 Instances should be protected by backup plan

This rule ensures that EC2 instances are safeguarded by a backup plan.

Rule: EC2 instances should be protected by backup plan
Framework: FedRAMP Low Revision 4
Severity: Medium

Rule Description

EC2 instances should be protected by a backup plan that complies with the requirements defined in the FedRAMP Low Revision 4 security standard. This rule aims to ensure data integrity, availability, and recoverability in case of any unforeseen events or disasters.

Troubleshooting Steps

  1. Verify Backup Plan: Check if there is a backup plan configured for all relevant EC2 instances.
  2. Review Configuration: Ensure that the backup plan complies with the requirements defined in the FedRAMP Low Revision 4 security standard.
  3. Check Backup Schedule: Confirm that backups are scheduled at regular intervals as per the backup plan.
  4. Validate Data Retention: Ensure that the backup plan defines an appropriate data retention period based on the business requirements and compliance regulations.
  5. Test Restoration: Perform periodic testing of restoring data from backups to validate the effectiveness of the backup plan.
  6. Monitor Backup Status: Continuously monitor the backup plan to ensure that backups are executing successfully without any errors.

Necessary Codes

There are no specific codes associated with this rule, as it primarily focuses on the configuration and compliance of backup plans for EC2 instances. However, you can utilize the AWS Command Line Interface (CLI) to manage backup plans, and the AWS SDKs (Software Development Kits) to automate backup configurations.
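The coverage and retention checks from the troubleshooting steps can be scripted against SDK responses. The following is an added example, not Cloud Defense or AWS code: it runs offline on constructed data shaped like boto3's `list_protected_resources` and `get_backup_plan` responses, and the 24-hour freshness window and 35-day minimum retention are assumed values, not figures taken from FedRAMP.

```python
from datetime import datetime, timedelta, timezone

def unprotected_instances(instance_arns, protected, now, max_age_hours=24):
    """Map each EC2 instance ARN lacking a recent backup to the reason.
    `protected` is the "Results" list of list_protected_resources."""
    last = {r["ResourceArn"]: r.get("LastBackupTime")
            for r in protected if r.get("ResourceType") == "EC2"}
    findings = {}
    for arn in instance_arns:
        if arn not in last:
            findings[arn] = "not listed as a protected resource"
        elif last[arn] is None or now - last[arn] > timedelta(hours=max_age_hours):
            findings[arn] = f"last backup older than {max_age_hours}h"
    return findings

def retention_findings(plan, min_retention_days):
    """Flag rules of a "BackupPlan" object (get_backup_plan) whose
    Lifecycle.DeleteAfterDays is below the required minimum."""
    if not plan.get("Rules"):
        return ["plan has no rules"]
    issues = []
    for rule in plan["Rules"]:
        keep = rule.get("Lifecycle", {}).get("DeleteAfterDays")
        # No DeleteAfterDays means recovery points never expire.
        if keep is not None and keep < min_retention_days:
            issues.append(f"{rule['RuleName']}: {keep}d < {min_retention_days}d")
    return issues

# Constructed sample data (not from a real account).
ARN = "arn:aws:ec2:us-east-1:111122223333:instance/"
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
INSTANCES = [ARN + "i-0aaa", ARN + "i-0bbb", ARN + "i-0ccc"]
PROTECTED = [
    {"ResourceArn": ARN + "i-0aaa", "ResourceType": "EC2",
     "LastBackupTime": NOW - timedelta(hours=7)},
    {"ResourceArn": ARN + "i-0bbb", "ResourceType": "EC2",
     "LastBackupTime": NOW - timedelta(days=5)},
]
PLAN = {"BackupPlanName": "ec2-plan", "Rules": [
    {"RuleName": "daily", "Lifecycle": {"DeleteAfterDays": 7}},
    {"RuleName": "monthly", "Lifecycle": {"DeleteAfterDays": 365}},
]}

if __name__ == "__main__":
    print(unprotected_instances(INSTANCES, PROTECTED, NOW))
    print(retention_findings(PLAN, min_retention_days=35))
```

Against a live account, the same functions take the instance ARNs built from `describe_instances` and the paginated output of the two AWS Backup calls.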

Step-by-Step Guide for Remediation

  1. Open the AWS Management Console and navigate to the AWS Backup service.
  2. Click on "Create backup plan" to configure a new backup plan.
  3. Provide a meaningful name for the backup plan and enter a description that aligns with the FedRAMP Low Revision 4 security standard requirements.
  4. Define the backup schedule based on the frequency required by your organization and compliance regulations.
  5. Specify the backup window to ensure backups do not impact the performance of the EC2 instances during operation.
  6. Configure the backup retention period according to the required data retention policies. Ensure it meets the minimum duration specified by the FedRAMP Low Revision 4 security standard.
  7. Enable backup vault encryption to protect backup data at rest in accordance with the required security controls.
  8. Choose the appropriate backup vault where the backups will be stored.
  9. Review the backup plan configuration and ensure it complies with the FedRAMP Low Revision 4 security standard.
  10. Click on "Create plan" to save the backup plan.
  11. Monitor the backup plan status regularly to ensure backups are performing as expected.
  12. Perform periodic tests by restoring data from backups to verify the recoverability of the EC2 instances.
  13. If any issues or errors occur while setting up or executing the backup plan, review the AWS Backup documentation or seek assistance from AWS Support for further troubleshooting steps.

By following these steps, you can remediate and comply with the requirement of protecting EC2 instances with a backup plan that adheres to the FedRAMP Low Revision 4 security standard.
