Ensure compliance with the requirement to protect EC2 instances with a backup plan.
Rule | EC2 instances should be protected by backup plan
Framework | NIST 800-171 Revision 2
Severity | Medium
Rule Description:
EC2 instances should be protected by a backup plan to comply with NIST 800-171 Revision 2. This rule ensures that proper backup measures are in place to protect critical data and restore it in case of data loss, system failures, or disasters. Regular backups are essential for maintaining data integrity, business continuity, and meeting compliance requirements.
Troubleshooting Steps:
Code Samples (AWS Backup CLI):
To enable backup for an EC2 instance, follow these steps:
aws backup create-backup-plan --backup-plan '{ "BackupPlanName": "MyBackupPlan", "Rules": [ { "RuleName": "EC2BackupRule", "TargetBackupVaultName": "MyBackupVault", "ScheduleExpression": "cron(0 0 ? * MON-FRI *)", "StartWindowMinutes": 60, "Lifecycle": { "MoveToColdStorageAfterDays": 30, "DeleteAfterDays": 120 } } ] }'
This command creates a backup plan named "MyBackupPlan" containing one rule, "EC2BackupRule", that runs at midnight on weekdays, moves recovery points to cold storage after 30 days and deletes them after 120 days. AWS Backup requires DeleteAfterDays to be at least 90 days later than MoveToColdStorageAfterDays, so a lifecycle that expires recovery points before they transition is rejected. The command returns the BackupPlanId used in the following steps. A plan on its own protects nothing: resources are assigned to it with aws backup create-backup-selection (by resource ARN or by tag). Adjust the parameters according to your requirements.
aws backup describe-backup-plan --backup-plan-id <backup-plan-id>
This command shows the full definition of the plan (rules, schedule, vault and lifecycle) so you can confirm it was created as intended. Replace <backup-plan-id> with the BackupPlanId returned by create-backup-plan.
aws backup start-backup-job --resource-arn <ec2-instance-arn> --backup-vault-name MyBackupVault --iam-role-arn <iam-role-arn>
Replace <ec2-instance-arn> with the ARN of the EC2 instance and <iam-role-arn> with the ARN of the IAM role that has the necessary permissions to perform backups.
Remediation Steps:
To enable backup protection and meet the NIST 800-171 Revision 2 requirement, follow these steps:
Please note that AWS Backup is the recommended solution for managing backups in AWS, but you have the flexibility to choose a custom backup solution as long as it complies with the NIST 800-171 Revision 2 guidelines.
Regularly monitor the backup operations, validate restoration procedures, and periodically test the backups to ensure the integrity and availability of your EC2 instance data.
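The CLI steps above create the plan and start a one-off job, and the monitoring advice asks you to confirm instances actually stay protected. The following Python is an added example, not code from the original rule page or from AWS: it builds a backup-plan document that AWS Backup will accept (enforcing the 90-day cold-storage rule the create-backup-plan command trips over when the lifecycle is inverted) and audits which EC2 instances have no recent recovery point. It runs offline on constructed sample data whose shape follows the JSON printed by aws ec2 describe-instances and aws backup list-protected-resources; that shape, the placeholder region and account ID, and the 7-day staleness threshold are assumptions.

```python
"""Added example, not code from the original rule page or from AWS: build a
backup-plan document that AWS Backup will accept, and audit which EC2 instances
are not covered by a recovery point. It runs offline on constructed sample data
whose shape follows the JSON returned by `aws ec2 describe-instances` and
`aws backup list-protected-resources` (an assumption about those outputs)."""
import json
from datetime import datetime, timedelta, timezone

# AWS Backup keeps recovery points in cold storage for at least 90 days,
# so DeleteAfterDays must be >= MoveToColdStorageAfterDays + 90.
COLD_STORAGE_MIN_RETENTION_DAYS = 90


def lifecycle_is_valid(delete_after, cold_after):
    """True if the retention pair is one AWS Backup accepts."""
    if delete_after is None or cold_after is None:
        return True  # no transition or no expiry: nothing can conflict
    return delete_after >= cold_after + COLD_STORAGE_MIN_RETENTION_DAYS


def build_backup_plan(name, vault, schedule, delete_after=None, cold_after=None,
                      start_window_minutes=60):
    """Return the document passed to `aws backup create-backup-plan --backup-plan`."""
    if not lifecycle_is_valid(delete_after, cold_after):
        raise ValueError(
            f"DeleteAfterDays={delete_after} must be at least "
            f"{COLD_STORAGE_MIN_RETENTION_DAYS} days after "
            f"MoveToColdStorageAfterDays={cold_after}")
    rule = {
        "RuleName": f"{name}Rule",
        "TargetBackupVaultName": vault,
        "ScheduleExpression": schedule,
        "StartWindowMinutes": start_window_minutes,
    }
    lifecycle = {}
    if delete_after is not None:
        lifecycle["DeleteAfterDays"] = delete_after
    if cold_after is not None:
        lifecycle["MoveToColdStorageAfterDays"] = cold_after
    if lifecycle:
        rule["Lifecycle"] = lifecycle
    return {"BackupPlanName": name, "Rules": [rule]}


def instance_arn(region, account_id, instance_id):
    """describe-instances does not return ARNs; list-protected-resources does."""
    return f"arn:aws:ec2:{region}:{account_id}:instance/{instance_id}"


def find_unprotected_instances(describe_instances, protected_resources, region,
                               account_id, now, max_age_days=7):
    """Return (instance_id, reason) for every live instance that has no recovery
    point at all, or whose most recent backup is older than max_age_days."""
    last_backup = {}
    for res in protected_resources.get("Results", []):
        if res.get("ResourceType") == "EC2":
            # The CLI prints timestamps as ISO 8601; boto3 would hand back datetime.
            last_backup[res["ResourceArn"]] = datetime.fromisoformat(res["LastBackupTime"])
    findings = []
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst["State"]["Name"] == "terminated":
                continue  # nothing left to protect
            arn = instance_arn(region, account_id, inst["InstanceId"])
            if arn not in last_backup:
                findings.append((inst["InstanceId"], "no recovery point"))
            elif now - last_backup[arn] > timedelta(days=max_age_days):
                findings.append((inst["InstanceId"],
                                 f"last backup older than {max_age_days} days"))
    return findings


# Constructed sample data: placeholder region and account, not real resources.
REGION, ACCOUNT = "us-east-1", "111122223333"
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa111", "State": {"Name": "running"}},
    {"InstanceId": "i-0bbb222", "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc333", "State": {"Name": "stopped"}},
    {"InstanceId": "i-0ddd444", "State": {"Name": "terminated"}},
]}]}
SAMPLE_PROTECTED = {"Results": [
    {"ResourceArn": instance_arn(REGION, ACCOUNT, "i-0aaa111"), "ResourceType": "EC2",
     "LastBackupTime": "2024-05-01T02:15:00+00:00"},
    {"ResourceArn": instance_arn(REGION, ACCOUNT, "i-0ccc333"), "ResourceType": "EC2",
     "LastBackupTime": "2024-03-01T02:15:00+00:00"},
]}
SAMPLE_NOW = datetime(2024, 5, 2, tzinfo=timezone.utc)


def audit_sample():
    """Run the audit over the constructed data; the stopped instance is stale."""
    return find_unprotected_instances(SAMPLE_INSTANCES, SAMPLE_PROTECTED,
                                      REGION, ACCOUNT, SAMPLE_NOW)


if __name__ == "__main__":
    plan = build_backup_plan("MyBackupPlan", "MyBackupVault",
                             "cron(0 0 ? * MON-FRI *)", delete_after=120, cold_after=30)
    print(json.dumps(plan, indent=2))
    for instance_id, reason in audit_sample():
        print(f"{instance_id}: {reason}")
```

Against real accounts, feed the script the output of aws ec2 describe-instances and aws backup list-protected-resources for each region; instances that are stopped but not terminated are still reported, because their volumes still hold data that needs a recovery point.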