Rule: RDS Aurora Clusters Should Be Protected by Backup Plan

This rule ensures that RDS Aurora clusters are safeguarded with a backup plan to prevent data loss.

Rule: RDS Aurora clusters should be protected by backup plan
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: Medium

Rule Description

RDS Aurora clusters that fall under Federal Financial Institutions Examination Council (FFIEC) requirements should have a backup plan in place to ensure data protection and business continuity.

Troubleshooting Steps (if applicable)

If an RDS Aurora cluster is not protected by a backup plan, it can lead to potential data loss and violation of compliance requirements. To troubleshoot this issue, follow these steps:

  1. Check the RDS Aurora cluster configuration: Verify if the cluster is configured to automatically create backups or if a manual backup plan is required.

  2. Review the backup retention policy: Ensure that the backup retention period aligns with the data retention requirements specified by the FFIEC.

  3. Check the backup frequency: Verify that the backups are performed at regular intervals. The frequency may vary based on the criticality of the data being stored.

  4. Validate backup integrity: Ensure that the backups are successfully created and can be restored without any errors. Test the restoration process periodically to confirm data recoverability.

  5. Review backup storage location: Ensure that the backups are stored securely in an appropriate location, such as Amazon S3 or a different region, to safeguard against local failures or disasters.

  6. Monitor backup completion and errors: Set up monitoring and alerts to receive notifications in case of backup failures or any other issues related to the backup plan.

Necessary Codes (if applicable)

In order to configure a backup plan for an RDS Aurora cluster, the following AWS CLI command can be used:

aws rds modify-db-cluster --db-cluster-identifier <cluster-identifier> --backup-retention-period <retention-period> --preferred-backup-window <backup-window>

Replace <cluster-identifier> with the identifier of the RDS Aurora cluster and <retention-period> with the desired number of days for backup retention. <backup-window> should be replaced with the preferred window for backup execution, specified in UTC time.
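To run the first two troubleshooting checks across many clusters, the following added example (not part of the original rule page) reads the JSON returned by `aws rds describe-db-clusters`, flags Aurora clusters whose retention is below a minimum, and builds the `modify-db-cluster` command shown above for each one. The `audit` function, the 7-day minimum, the fallback window and the sample cluster names are assumptions made for illustration.

```python
import json
import re
import shlex

# Constructed sample shaped like `aws rds describe-db-clusters` output;
# cluster names and values are made up for this example.
SAMPLE = """
{"DBClusters": [
  {"DBClusterIdentifier": "payments-aurora", "Engine": "aurora-mysql",
   "BackupRetentionPeriod": 1, "PreferredBackupWindow": "03:00-03:30"},
  {"DBClusterIdentifier": "ledger-aurora", "Engine": "aurora-postgresql",
   "BackupRetentionPeriod": 35, "PreferredBackupWindow": "02:00-03:00"},
  {"DBClusterIdentifier": "docs-cluster", "Engine": "docdb",
   "BackupRetentionPeriod": 1, "PreferredBackupWindow": "00:00-00:30"}
]}
"""

MIN_RETENTION_DAYS = 7  # assumption: replace with your required retention
FALLBACK_WINDOW = "03:00-04:00"  # assumption: used if a cluster has no valid window
WINDOW_RE = re.compile(r"^([01]\d|2[0-3]):[0-5]\d-([01]\d|2[0-3]):[0-5]\d$")


def audit(describe_output, min_days=MIN_RETENTION_DAYS):
    """Return (findings, fixes): Aurora clusters retaining backups for fewer
    than min_days, and a modify-db-cluster command for each."""
    findings, fixes = [], []
    for cluster in json.loads(describe_output).get("DBClusters", []):
        # The same API call also lists non-Aurora cluster engines; skip them.
        if not cluster.get("Engine", "").startswith("aurora"):
            continue
        days = cluster.get("BackupRetentionPeriod", 0)
        if days >= min_days:
            continue
        cid = cluster["DBClusterIdentifier"]
        # Keep the existing window so only the retention period changes.
        window = cluster.get("PreferredBackupWindow", "")
        if not WINDOW_RE.match(window):
            window = FALLBACK_WINDOW
        findings.append((cid, days))
        fixes.append(
            "aws rds modify-db-cluster"
            f" --db-cluster-identifier {shlex.quote(cid)}"
            f" --backup-retention-period {min_days}"
            f" --preferred-backup-window {window}"
        )
    return findings, fixes


if __name__ == "__main__":
    for (cid, days), cmd in zip(*audit(SAMPLE)):
        print(f"{cid}: retention {days}d < {MIN_RETENTION_DAYS}d\n  {cmd}")
```

The generated commands are printed for review, not executed, so each change can be checked before it is applied.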

Step-by-Step Guide for Remediation

Follow these steps to create and configure a backup plan for an RDS Aurora cluster that falls under FFIEC requirements:

  1. Open the AWS Management Console and navigate to the Amazon RDS service.

  2. Click on "Databases" in the left navigation panel.

  3. Select the RDS Aurora cluster that needs a backup plan.

  4. Click on the "Modify" button to modify the cluster attributes.

  5. In the "Backup" section, specify the desired backup retention period by entering the number of days in the "Backup retention period" field.

  6. Choose an appropriate preferred backup window by selecting the start time and end time for backup execution. Ensure that the selected window does not conflict with any critical business activities.

  7. Click on "Apply immediately" to apply the configuration changes immediately. Alternatively, you can schedule the modification to be applied during a maintenance window if preferred.

  8. Review the configuration changes and click "Modify cluster" to save the changes.

  9. Monitor the modification process to ensure that it is successful.

  10. Validate the backup plan by checking if the backups are being created as per the configured frequency and retention period.

  11. Regularly test the restoration process to confirm that the backups can be restored without any issues.

  12. Monitor backup completion, errors, and other relevant metrics to ensure the ongoing effectiveness of the backup plan.

By following these steps, you can implement a backup plan for an RDS Aurora cluster to meet the FFIEC requirements and ensure data protection.
