This rule ensures EBS volumes have a backup plan for protection.
Rule | EBS volumes should be protected by a backup plan |
Framework | FedRAMP Moderate Revision 4 |
Severity | ✔ High |
EBS Volumes Backup Plan for FedRAMP Moderate Revision 4
AWS Elastic Block Store (EBS) volumes house essential data for many applications running on EC2 instances. As per FedRAMP Moderate Revision 4, it's crucial to have robust backup strategies to ensure data resiliency and recovery. Here we detail the backup plan requirements and steps to ensure compliance with FedRAMP standards.
Backup Plan Requirements
FedRAMP Moderate Revision 4 mandates that EBS volumes be regularly backed up and that the backup data is encrypted. The recovery point objective (RPO) and recovery time objective (RTO) should comply with the agency’s requirements.
Rule Details
Backup Strategies
Using AWS Backup
AWS Backup is a managed backup service that supports EBS volumes:
Using Amazon Data Lifecycle Manager
Troubleshooting
If backups are failing, check the following:
Remediation Steps
If you do not have a backup plan in place:
CLI Commands
To create an EBS snapshot:
aws ec2 create-snapshot \
  --volume-id vol-1234567890abcdef0 \
  --description "Snapshot description" \
  --tag-specifications 'ResourceType=snapshot,Tags=[{Key=your-key,Value=your-value}]' \
  --query SnapshotId \
  --output text
To automate backup creation:
aws backup create-backup-plan \
  --backup-plan '{
    "BackupPlanName": "MyBackupPlan",
    "Rules": [{
      "RuleName": "DailyBackups",
      "TargetBackupVaultName": "MyBackupVault",
      "ScheduleExpression": "cron(0 12 * * ? *)",
      "StartWindowMinutes": 60,
      "CompletionWindowMinutes": 120,
      "RecoveryPointTags": {"Key": "Value"},
      "Lifecycle": {"MoveToColdStorageAfterDays": 30, "DeleteAfterDays": 365},
      "CopyActions": [{"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:123456789012:backup-vault:MyDestinationBackupVault"}]
    }]
  }'
Before running these commands, confirm that they comply with your organization's policies and that your IAM role has the permissions they require.
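To check the outcome this rule looks for, the following added example (not part of the original rule page) lists EBS volumes that AWS Backup does not report as protected resources. It assumes read-only `ec2:DescribeVolumes` and `backup:ListProtectedResources` permissions; the function names, the `AUDIT_LIVE` switch and the sample IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the rule's own implementation: report EBS volumes that
# AWS Backup does not list as protected resources.

# unprotected_volumes VOLUME_IDS PROTECTED_ARNS
# Both arguments are newline-separated. Prints each volume ID that has no
# matching ".../volume/<id>" ARN in the protected list, in input order.
unprotected_volumes() {
  printf '%s\n' "$2" | VOLS="$1" awk '
    # Remember the volume ID at the end of each protected EBS ARN.
    match($0, /:volume\/vol-[0-9a-f]+$/) { prot[substr($0, RSTART + 8)] = 1 }
    END {
      n = split(ENVIRON["VOLS"], v, "\n")
      for (i = 1; i <= n; i++)
        if (v[i] != "" && !(v[i] in prot)) print v[i]
    }'
}

# Live inputs from the current account and region (read-only calls).
# Caveat: list-protected-resources only returns resources that already have a
# completed backup, so a volume newly assigned to a plan shows up as
# unprotected until its first backup job finishes.
audit_live() {
  vols=$(aws ec2 describe-volumes --query 'Volumes[].VolumeId' \
    --output text | tr '\t' '\n')
  arns=$(aws backup list-protected-resources \
    --query "Results[?ResourceType=='EBS'].ResourceArn" \
    --output text | tr '\t' '\n')
  unprotected_volumes "$vols" "$arns"
}

# Constructed sample data so the comparison can be run offline.
SAMPLE_VOLS='vol-0aaaaaaaaaaaaaaaa
vol-0bbbbbbbbbbbbbbbb
vol-0cccccccccccccccc'
SAMPLE_ARNS='arn:aws:ec2:us-east-1:123456789012:volume/vol-0aaaaaaaaaaaaaaaa
arn:aws:rds:us-east-1:123456789012:db:sample-db
arn:aws:ec2:us-east-1:123456789012:volume/vol-0cccccccccccccccc'

if [ "${AUDIT_LIVE:-0}" = 1 ]; then
  audit_live
else
  unprotected_volumes "$SAMPLE_VOLS" "$SAMPLE_ARNS"
fi
```

Run with `AUDIT_LIVE=1` to query the account; any volume ID printed needs a backup plan assignment or a first successful backup.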
In conclusion, adherence to these guidelines will help ensure your AWS EBS volumes are protected according to FedRAMP Moderate requirements, which can enhance your organization's data resilience. Regularly review and test your backup processes to maintain compliance and data integrity.