Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: RDS DB Instance Backup Should Be Enabled

This rule states that RDS DB instances must have backup enabled to ensure data safety.

RuleRDS DB instance backup should be enabled
FrameworkGxP 21 CFR Part 11
Severity
Medium

Rule Description:

RDS DB instance backup should be enabled for GxP 21 CFR Part 11. This rule ensures that all RDS DB instances used for GxP (Good Practice) compliance, specifically 21 CFR Part 11, have the backup feature enabled.

Backup is critical for data integrity and availability in GxP environments, where the preservation of electronic records plays a crucial role. This rule helps meet regulatory requirements for electronic records and signatures set forth by 21 CFR Part 11.

Troubleshooting Steps (if backup is not enabled):

  1. 1.
    Identify the RDS DB instance(s) associated with GxP 21 CFR Part 11 compliance.
  2. 2.
    Connect to the AWS Management Console or use the AWS CLI to access the RDS service.
  3. 3.
    Navigate to the RDS dashboard and locate the specific RDS DB instance(s).
  4. 4.
    Check if the backup feature is enabled for the identified DB instance(s).
  5. 5.
    If the backup feature is not enabled, follow the remediation steps below.

Remediation Steps:

  1. 1.
    Connect to the AWS Management Console or use the AWS CLI to access the RDS service.
  2. 2.
    Navigate to the RDS dashboard and locate the specific RDS DB instance(s) that need to have backups enabled for GxP 21 CFR Part 11 compliance.
  3. 3.
    Select the DB instance(s) and click on the "Actions" button.
  4. 4.
    From the dropdown menu, click on "Modify" to modify the DB instance settings.
  5. 5.
    In the "Additional Configuration" section, find the "Backup" option.
  6. 6.
    Set the "Backup retention period" according to your organization's requirements. It is recommended to have a minimum backup retention period of 30 days for GxP compliance.
  7. 7.
    Enable the automated backups by checking the "Enable automatic backups" checkbox.
  8. 8.
    Review the other backup-related settings such as preferred backup window, backup deletion policy, and backup encryption based on your organization's needs and GxP compliance requirements.
  9. 9.
    Click on the "Modify DB Instance" button to save the changes.
  10. 10.
    Once the modification is complete, the RDS DB instance(s) will have backup enabled for GxP 21 CFR Part 11 compliance.

Note: Depending on the size of the database and the number of instances, it may take some time to enable backups for all instances.

Example Code (AWS CLI):

aws rds modify-db-instance \
    --db-instance-identifier <instance-identifier> \
    --backup-retention-period 30 \                  # Set the backup retention period as required
    --backup-window <preferred-backup-window> \      # Set the preferred backup window as required
    --backup-deletion-policy <deletion-policy> \     # Set the backup deletion policy as required
    --enable-iam-database-authentication             # Enable IAM database authentication if required

Replace

<instance-identifier>
with the actual DB instance identifier and set other parameters accordingly.

Ensure you have the appropriate IAM permissions to modify and configure RDS DB instances.

Conclusion:

Enabling backups for RDS DB instances used in GxP 21 CFR Part 11 compliance is essential to ensure data integrity, availability, and adherence to regulatory requirements. Following the described steps and utilizing the provided example code, you can efficiently enable backups and meet the necessary compliance requirements.

Is your System Free of Underlying Vulnerabilities?
Find Out Now