Rule: RDS Aurora clusters should be protected by backup plan
Ensure RDS Aurora clusters have a backup plan in place for data protection.
| Rule | RDS Aurora clusters should be protected by backup plan |
| Framework | FedRAMP Low Revision 4 |
| Severity | ✔ Medium |
Description
According to the FedRAMP Low Revision 4 guidelines, RDS Aurora clusters should have a backup plan in place to ensure the availability and integrity of the data stored in the clusters. Regular backups are essential for disaster recovery and preventing data loss due to various reasons such as hardware failure, accidental deletion, or other unforeseen incidents.
Troubleshooting Steps
If there are any issues related to the backup plan for the RDS Aurora clusters, the following troubleshooting steps can be taken:
- 1.Verify backup configuration: Check if the Aurora cluster is configured correctly for backups. Ensure that automatic backups are enabled and the backup retention period is appropriately set.
- 2.Check backup status: Verify the status of the automatic backups. Ensure that backups are being taken as per the configured schedule.
- 3.Troubleshoot backup failure: If backups are failing, review the error messages and logs provided by AWS. Check for any storage or permission-related issues that might be causing the failure.
- 4.Review IAM permissions: Ensure that the IAM role or user associated with the cluster has the necessary permissions to perform backups and restore operations.
Necessary Code
No code is necessary for this policy as it focuses on the configuration and management of the RDS Aurora backup feature. However, the AWS Command-Line Interface (CLI) can be used to check and modify backup-related configurations if needed.
Remediation Steps
To ensure compliance with the backup plan requirement for RDS Aurora clusters in the context of FedRAMP Low Revision 4, follow these steps:
- 1.Login to AWS Management Console: Access the AWS Management Console using valid credentials: https://console.aws.amazon.com/.
- 2.Navigate to RDS Dashboard: Go to the RDS (Relational Database Service) dashboard by selecting the "RDS" service from the available services or by using the search bar.
- 3.Select the Aurora Cluster: Choose the Aurora cluster that needs the backup plan review.
- 4.Verify Backup Configuration: In the cluster details section, ensure that automatic backups are enabled and the backup retention period is appropriately set. Make sure that there are no errors or warnings related to backups.
- 5.Check Backup Status: Navigate to the "Backups" tab and ensure that backups are being taken as per the configured schedule. Check for any failed backups or warnings.
- 6.Troubleshoot Backup Failure: If backups are failing, review the error messages and logs provided by AWS. Resolve any identified issues.
- 7.Review IAM Permissions: Verify that the IAM role or user associated with the cluster has the necessary permissions to perform backups and restore operations. Make sure the required IAM policies are attached to the role/user.
- 8.Implement or Update Backup Plan: If the backup plan is not in place or needs modification, configure the backup settings based on the desired retention period and backup frequency. Save the changes.
Ensure that the above steps are followed for all RDS Aurora clusters within the scope of FedRAMP Low Revision 4 compliance.
Note: It is always recommended to refer to the official AWS documentation and consult with a certified AWS professional to ensure compliance with the specific requirements and to address any unique considerations for your environment.