This rule emphasizes the importance of protecting EC2 instances with a backup plan.
Rule | EC2 instances should be protected by backup plan |
Framework | GxP EU Annex 11 |
Severity | ✔ Medium |
EC2 Instances Backup Plan for GxP EU Annex 11 Compliance
Complying with EU Annex 11’s Good Automated Manufacturing Practice (GAMP) requires that electronic records and critical systems, such as EC2 instances in AWS, are adequately backed up to safeguard data integrity and availability. Here is a detailed guide on how to enforce an EC2 backup plan that aligns with GxP EU Annex 11 requirements.
Rule Description
This rule states that all EC2 instances, particularly those used in regulated environments subject to GxP guidelines, must be backed up according to a predefined schedule. Backup policies should ensure that:
Troubleshooting Steps
If an EC2 instance is not being backed up according to the GxP EU Annex 11 guidelines, follow these troubleshooting steps:
Verify Backup Configuration:
Validate Encryption and Security:
Check Backup Frequency and Retention:
Confirm Restore Capability:
Required AWS CLI Commands
To manage backups for EC2 instances via the AWS CLI, you can use the following commands:
To create a snapshot of an EBS volume attached to an EC2 instance:
aws ec2 create-snapshot --volume-id <volume-id> --description "Backup for GxP compliance"
To automate snapshot creation on a schedule using Amazon Data Lifecycle Manager:
aws dlm create-lifecycle-policy --execution-role-arn <role-arn> --description "GxP Backup Policy" --state ENABLED --policy-details file://policy.json
Create a policy.json file that defines your backup policy details, including the schedule, target tags, and retention rules.
To verify the policy:
aws dlm get-lifecycle-policies --policy-ids <policy-id>
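The following added example (not part of the original rule text) shows a policy.json body with a schedule, target tags and a retention rule, and checks it for gaps and for instances it would not cover. The tag key and value, the schedule and the instance inventory are constructed assumptions; in practice the inventory would come from aws ec2 describe-instances.

```python
import json

# Constructed policy.json content for `aws dlm create-lifecycle-policy --policy-details`.
POLICY_JSON = """
{
  "ResourceTypes": ["INSTANCE"],
  "TargetTags": [{"Key": "Backup", "Value": "GxP"}],
  "Schedules": [{
    "Name": "DailyGxP",
    "CreateRule": {"Interval": 24, "IntervalUnit": "HOURS", "Times": ["03:00"]},
    "RetainRule": {"Count": 14}
  }]
}
"""

INSTANCES = {  # constructed inventory: instance id -> tags
    "i-0aaa0000000000001": {"Backup": "GxP", "Name": "lims-db"},
    "i-0aaa0000000000002": {"Name": "batch-records"},
    "i-0aaa0000000000003": {"Backup": "none"},
}


def policy_problems(policy):
    """Return a list of gaps in the policy: missing target tags, schedule or retention."""
    problems = []
    if not policy.get("TargetTags"):
        problems.append("no TargetTags")
    schedules = policy.get("Schedules") or []
    if not schedules:
        problems.append("no Schedules")
    for s in schedules:
        name = s.get("Name", "<unnamed>")
        if not s.get("CreateRule"):
            problems.append(f"{name}: no CreateRule")
        retain = s.get("RetainRule") or {}
        if not (retain.get("Count") or retain.get("Interval")):
            problems.append(f"{name}: no retention")
    return problems


def unprotected(instances, policy):
    """Instances carrying none of the policy's target tags (DLM matches on any one tag)."""
    targets = {(t["Key"], t["Value"]) for t in policy.get("TargetTags", [])}
    return sorted(i for i, tags in instances.items() if not targets & set(tags.items()))


if __name__ == "__main__":
    p = json.loads(POLICY_JSON)
    print(policy_problems(p), unprotected(INSTANCES, p))
```

Here the second and third instances are reported as unprotected because neither carries the Backup=GxP tag the policy targets.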
To create an image (AMI) of an instance, from which a replacement instance can be launched during recovery:
aws ec2 create-image --instance-id <instance-id> --name "Instance Recovery Image"
Step by Step Guide for Remediation
Identify EC2 Instances:
Configure AWS Backup:
Implement Encryption:
Test Restore Procedures:
Document the Backup Plan:
Monitor & Review:
These details provide a clear and precise outline of how to ensure your EC2 instances remain compliant with the GxP EU Annex 11 requirements, avoiding common pitfalls, and maintaining both data integrity and regulatory compliance. Please replace placeholders like <volume-id> and <role-arn> with actual values from your AWS environment.