Protect RDS DB Instance with Backup Plan Rule

This rule ensures RDS DB instances are protected by a backup plan to prevent data loss.

Rule: RDS DB instance should be protected by backup plan
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description:

The rule requires that the RDS DB instance be protected by a backup plan, in alignment with the National Institute of Standards and Technology (NIST) Special Publication 800-171 Revision 2. This guideline ensures the protection and availability of sensitive information stored in the RDS DB instance.

Troubleshooting Steps:

If the RDS DB instance is not protected by an appropriate backup plan as per NIST 800-171 Rev. 2, you can follow these troubleshooting steps:

  1. Identify the current backup configuration of the RDS DB instance.
  2. Check if the automated backups are enabled for the RDS DB instance.
  3. Ensure that the automated backups are being retained for a sufficient duration to comply with NIST 800-171 Rev. 2.
  4. Verify if manual snapshots of the RDS DB instance are being taken, and if so, evaluate the retention period of these snapshots.
  5. Investigate if the RDS DB instance is included in any backup policies or data lifecycle management plans.
  6. Examine the frequency and consistency of backup executions to confirm compliance.

Code Samples:

No specific code samples are required for this rule.

Remediation Steps:

To comply with the rule and ensure that the RDS DB instance is protected by a backup plan according to NIST 800-171 Rev. 2, follow these steps:

  1. Enable Automated Backups (if not already enabled):

    • Open the Amazon RDS Management Console.
    • Select the desired RDS DB instance.
    • Choose the "Modify" option.
    • Scroll down to the "Backup" section.
    • Ensure that the "Backup Retention Period" is set as per NIST requirements.
    • Select the appropriate "Backup Window" to avoid unnecessary interruptions.
    • Click on "Continue" and review the proposed changes.
    • Finally, click on "Modify DB Instance" to save the changes.
  2. Configure Manual Snapshots (if required):

    • Open the Amazon RDS Management Console.
    • Select the targeted RDS DB instance.
    • Choose the "Actions" dropdown menu.
    • Click on "Take snapshot."
    • Provide an appropriate name and description for the snapshot.
    • Adjust the retention period of the snapshot as per NIST guidelines.
    • Click on "Take snapshot" to create the manual snapshot.
  3. Implement Backup Lifecycle Management (if necessary):

    • Determine your desired backup policies and data lifecycle management plans based on NIST 800-171 Rev. 2 and organizational requirements.
    • Utilize AWS Backup service or custom scripts to automate backup executions and retention periods.
    • Ensure the backup plan includes the RDS DB instance.
  4. Periodically Review and Verify:

    • Regularly validate through the Amazon RDS Management Console that automated backups are being executed according to the specified retention period.
    • Verify that manual snapshots are being taken as per the defined retention policy.
    • Ensure the backup lifecycle management plan is operating correctly and backups are aligned with NIST 800-171 Rev. 2 requirements.

By following these steps, your RDS DB instance will be compliant with NIST 800-171 Rev. 2, ensuring the protection and availability of your valuable data.
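The troubleshooting and periodic-review checks above can be scripted instead of clicked through. The Python below is an added example, not part of the original rule page or the vendor's own code; it evaluates responses shaped like RDS `describe_db_instances` and AWS Backup `list_protected_resources`. The 7-day retention minimum, the 2-day freshness limit and all sample instances are constructed assumptions, not values taken from NIST 800-171.

```python
from datetime import datetime, timedelta, timezone


def audit_rds_backups(db_instances, protected_resources, min_retention_days,
                      max_backup_age, now):
    """Return {instance_id: [findings]}; an empty list means every check passed."""
    # AWS Backup lists a resource as protected once it holds a recovery point for it.
    last_backup = {r["ResourceArn"]: r.get("LastBackupTime") for r in protected_resources}
    report = {}
    for db in db_instances:
        findings = []
        retention = db.get("BackupRetentionPeriod", 0)
        if retention == 0:  # a retention period of 0 turns automated backups off
            findings.append("automated backups disabled")
        elif retention < min_retention_days:
            findings.append(f"retention {retention}d below required {min_retention_days}d")
        arn = db["DBInstanceArn"]
        if arn not in last_backup:
            findings.append("no AWS Backup recovery point")
        elif last_backup[arn] is None or now - last_backup[arn] > max_backup_age:
            findings.append("last AWS Backup recovery point is stale")
        report[db["DBInstanceIdentifier"]] = findings
    return report


# Constructed sample data. Live input would come from the paginated calls
# boto3.client("rds").describe_db_instances()["DBInstances"] and
# boto3.client("backup").list_protected_resources()["Results"].
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _arn(name):
    return f"arn:aws:rds:us-east-1:111122223333:db:{name}"


SAMPLE_DB_INSTANCES = [
    {"DBInstanceIdentifier": n, "DBInstanceArn": _arn(n), "BackupRetentionPeriod": d}
    for n, d in [("orders-prod", 14), ("reports", 1), ("scratch", 0)]
]
SAMPLE_PROTECTED = [
    {"ResourceArn": _arn("orders-prod"), "LastBackupTime": NOW - timedelta(hours=6)},
    {"ResourceArn": _arn("reports"), "LastBackupTime": NOW - timedelta(days=9)},
]


def sample_report():
    # Assumed organizational policy: keep 7 days, back up at least every 2 days.
    return audit_rds_backups(SAMPLE_DB_INSTANCES, SAMPLE_PROTECTED,
                             min_retention_days=7, max_backup_age=timedelta(days=2), now=NOW)


if __name__ == "__main__":
    for instance, findings in sample_report().items():
        print(instance, "OK" if not findings else "; ".join(findings))
```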