This rule ensures that EFS file systems are protected by a backup plan to prevent data loss.
Rule | EFS file systems should be protected by backup plan |
Framework | GxP EU Annex 11 |
Severity | ✔ High |
EFS File Systems Backup Plan for GxP EU Annex 11 Compliance
Ensuring that Electronic File System (EFS) data is protected by a backup plan is a critical requirement for compliance with Good Practice (GxP) guidelines and the European Union (EU) Annex 11, which pertains to computerized systems used in regulated activities. The following section provides a detailed description of the rule, troubleshooting steps, necessary command-line interface (CLI) commands, and a step-by-step remediation guide without any superfluous information.
Rule Description
Under GxP and EU Annex 11, any computerized system used in the production, laboratory, and quality processes must ensure that data is consistently recorded, stored, and retrievable. This includes the need for a robust backup plan for EFS file systems, which are often used to store critical data.
In practice, this means:
Prerequisites
Ensure that the AWS CLI is installed and configured with the necessary permissions to manage EFS and backup services.
Backup Plan Implementation
Step-by-Step Guide
Create a Backup Vault
aws backup create-backup-vault --backup-vault-name "EFSBackupVault"
Create a Backup Plan
# Create a backup plan JSON file (backup-plan.json)
cat << EOT > backup-plan.json
{
  "BackupPlan": {
    "BackupPlanName": "EFSBackupPlan",
    "Rules": [
      {
        "RuleName": "DailyBackup",
        "TargetBackupVaultName": "EFSBackupVault",
        "ScheduleExpression": "cron(0 5 * * ? *)",
        "StartWindowMinutes": 60,
        "CompletionWindowMinutes": 10080,
        "Lifecycle": {
          "MoveToColdStorageAfterDays": 30,
          "DeleteAfterDays": 365
        },
        "RecoveryPointTags": {
          "Backup": "Daily"
        }
      }
    ]
  }
}
EOT
aws backup create-backup-plan --cli-input-json file://backup-plan.json
Assign Resources
# Assign the EFS file system to the backup plan using the file-system-id
# ("backup-plan-id" is the BackupPlanId returned by create-backup-plan)
aws backup create-backup-selection --backup-plan-id "backup-plan-id" \
  --backup-selection '{"SelectionName":"EFSSelection","IamRoleArn":"arn:aws:iam::account-id:role/BackupRole","Resources":["arn:aws:elasticfilesystem:region:account-id:file-system/file-system-id"]}'
Monitor the Backup Activity
You can use the AWS Backup Console or AWS CLI to check the status of backup jobs.
aws backup list-backup-jobs --by-resource-arn "arn:aws:elasticfilesystem:region:account-id:file-system/file-system-id"
Troubleshooting Tips
If backups are failing, consider the following steps to troubleshoot:
Check permissions: Ensure that the AWS IAM role associated with the backups has sufficient permissions.
aws iam get-role-policy --role-name "BackupRole" --policy-name "BackupPolicy"
Inspect CloudWatch Logs: Look for error messages that could indicate the reason for the failure.
Validate backup configuration: Ensure that the backup vault, policy, and rules exist and are configured correctly.
Verify network connectivity: Ensure that there is connectivity between the EFS file system and the AWS Backup service.
Remediation
If your EFS file systems are not protected by a backup plan, you should create one following the steps above and ensure continuous compliance monitoring. For ongoing compliance, regular audits and checks should be incorporated into your routine to ensure that the backup plan is functioning correctly.
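One way to run the recurring check described above, as an added example that is not part of the original rule text: it compares file systems against the ARN-based resource assignments of your backup plans. The sample data is constructed in the shape of `aws efs describe-file-systems` and `aws backup get-backup-selection` output; the function name `audit` and all IDs are assumptions, and tag-based selections are flagged for manual review rather than evaluated.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample, shaped like `aws efs describe-file-systems` output.
FILE_SYSTEMS = json.loads("""
{"FileSystems": [
  {"FileSystemId": "fs-0aaa1111", "FileSystemArn": "arn:aws:elasticfilesystem:eu-west-1:111122223333:file-system/fs-0aaa1111"},
  {"FileSystemId": "fs-0bbb2222", "FileSystemArn": "arn:aws:elasticfilesystem:eu-west-1:111122223333:file-system/fs-0bbb2222"},
  {"FileSystemId": "fs-0ccc3333", "FileSystemArn": "arn:aws:elasticfilesystem:eu-central-1:111122223333:file-system/fs-0ccc3333"}
]}
""")

# Constructed sample: one `aws backup get-backup-selection` result per selection.
SELECTIONS = json.loads("""
[
  {"BackupSelection": {"SelectionName": "EFSSelection",
     "Resources": ["arn:aws:elasticfilesystem:eu-west-1:111122223333:file-system/*"],
     "NotResources": ["arn:aws:elasticfilesystem:eu-west-1:111122223333:file-system/fs-0bbb2222"]}},
  {"BackupSelection": {"SelectionName": "TaggedData", "Resources": [],
     "ListOfTags": [{"ConditionType": "STRINGEQUALS", "ConditionKey": "Backup", "ConditionValue": "Daily"}]}}
]
""")


def audit(file_systems, selections):
    """Return (file system IDs with no ARN-based assignment, selections to review)."""
    covered, review = set(), []
    for doc in selections:
        sel = doc["BackupSelection"]
        # Tag-based assignment is not evaluated here; flag it instead of guessing.
        if sel.get("ListOfTags") or any((sel.get("Conditions") or {}).values()):
            review.append(sel["SelectionName"])
            continue
        for fs in file_systems["FileSystems"]:
            arn = fs["FileSystemArn"]
            # Resources may hold wildcard ARNs; NotResources removes matches again.
            included = any(fnmatchcase(arn, p) for p in sel.get("Resources", []))
            excluded = any(fnmatchcase(arn, p) for p in sel.get("NotResources", []))
            if included and not excluded:
                covered.add(fs["FileSystemId"])
    missing = [fs["FileSystemId"] for fs in file_systems["FileSystems"]
               if fs["FileSystemId"] not in covered]
    return missing, review


if __name__ == "__main__":
    missing, review = audit(FILE_SYSTEMS, SELECTIONS)
    print("Not assigned by ARN:", missing)
    print("Tag-based selections to review:", review)
```

A file system listed as missing may still be covered by one of the selections flagged for review, so check its tags against those selections before treating it as a finding.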
In conclusion, by adhering to the described steps and recommendations, you will uphold data integrity and availability as required by GxP and EU Annex 11, ensuring that EFS file systems are thoroughly protected by a backup plan.