This rule states that RDS Aurora clusters must have a backup plan in place to ensure data protection in case of emergencies.
Rule | RDS Aurora clusters should be protected by backup plan
Framework | FedRAMP Moderate Revision 4
Severity | Medium
Ensure RDS Aurora Clusters are Protected by a Backup Plan for FedRAMP Moderate Revision 4
Amazon RDS Aurora clusters must be configured with a robust backup plan to comply with the Federal Risk and Authorization Management Program (FedRAMP) Moderate Revision 4 requirements. This backup strategy is critical in maintaining data integrity, availability, and enabling disaster recovery.
Rule Description
The backup plan should encompass regularly scheduled snapshots, retention policies, and the ability to restore data at any time. For FedRAMP Moderate compliance, it must meet or exceed specified backup frequency and retention period requirements.
Backup Configuration Steps
Enabling Automatic Snapshots
Instance Actions, then select Modify.
Backup Retention Period is set to at least one day (the FedRAMP Moderate requirement is typically seven days).
Copy Tags to Snapshots if necessary to ensure snapshots are appropriately labeled.
Manual Snapshots
While automated snapshots are vital, manual snapshots can be taken as well.
aws rds create-db-cluster-snapshot \
    --db-cluster-snapshot-identifier my-manual-snapshot \
    --db-cluster-identifier my-cluster
Replace my-manual-snapshot with your desired snapshot name and my-cluster with the identifier of your Aurora cluster.
Backup Retention Policy
Backup Retention Period to the required duration.
Disaster Recovery Preparedness
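To ensure data recoverability, regularly test the backup by restoring the snapshot to a new DB cluster.
# --engine is required and must match the snapshot's engine (aurora-mysql or aurora-postgresql).
# The restore creates only the cluster; add an instance with create-db-instance before querying it.
aws rds restore-db-cluster-from-snapshot \
    --db-cluster-identifier my-new-cluster \
    --snapshot-identifier my-snapshot-name \
    --engine aurora-mysql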
Troubleshooting Backup Issues
available state.
Remediation Steps
CLI Commands for Remediation
Update the Backup Retention Period
aws rds modify-db-cluster \
    --db-cluster-identifier my-cluster \
    --backup-retention-period 7 \
    --apply-immediately
Schedule a New Snapshot
aws rds create-db-cluster-snapshot \
    --db-cluster-snapshot-identifier my-scheduled-snapshot \
    --db-cluster-identifier my-cluster
Restore a DB Cluster from Snapshot
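# --engine is required and must match the snapshot's engine (aurora-mysql or aurora-postgresql).
aws rds restore-db-cluster-from-snapshot \
    --db-cluster-identifier my-restored-cluster \
    --snapshot-identifier my-scheduled-snapshot \
    --engine aurora-mysql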
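To find which clusters need the retention update above, this added example (not part of the original page) audits the tab-separated output of aws rds describe-db-clusters. The 7-day threshold is the page's "typically seven days" figure; the function names, the sample cluster names and the PASS/WARN/FAIL labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit Aurora clusters against the backup settings described on this page.
# MIN_DAYS defaults to 7 (the page's "typically seven days"); set it to your own requirement.
MIN_DAYS="${MIN_DAYS:-7}"

# Reads tab-separated rows on stdin: <cluster-id> <engine> <retention-days> <copy-tags>
# Live input (requires AWS credentials):
#   aws rds describe-db-clusters \
#     --query 'DBClusters[].[DBClusterIdentifier,Engine,BackupRetentionPeriod,CopyTagsToSnapshot]' \
#     --output text | audit_aurora_backups
# Prints one line per Aurora cluster and returns 1 if any cluster FAILs.
audit_aurora_backups() {
  awk -F'\t' -v min="$MIN_DAYS" '
    $2 !~ /^aurora/ { next }            # non-Aurora engines are out of scope for this rule
    {
      if ($3 + 0 < min) {
        printf "FAIL %s retention=%s (<%d days)\n", $1, $3, min
        bad = 1
      } else if (tolower($4) != "true") {
        # Retention is fine, but snapshots will not inherit the cluster tags.
        printf "WARN %s retention=%s copy-tags-to-snapshots off\n", $1, $3
      } else {
        printf "PASS %s retention=%s\n", $1, $3
      }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample rows (not real clusters) so the audit can be run offline.
sample_rows() {
  printf 'orders-aurora\taurora-mysql\t7\tTrue\n'
  printf 'reports-aurora\taurora-postgresql\t1\tTrue\n'
  printf 'legacy-aurora\taurora-mysql\t14\tFalse\n'
  printf 'mysql-ha\tmysql\t1\tFalse\n'
}

# Offline demonstration on the constructed rows.
sample_rows | audit_aurora_backups || echo "non-compliant Aurora clusters found"
```

Each FAIL line names a cluster to pass to the modify-db-cluster command shown earlier.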
Maintaining backups of RDS Aurora clusters and regularly verifying that they comply with FedRAMP Moderate requirements is not only essential for data integrity but also vital for meeting regulatory standards. Adhering to these guidelines will minimize the risk of data loss and ensure that RDS Aurora clusters are well-protected with a robust backup plan.