Ensure RDS DB Instances Are in a Backup Plan Rule

This rule states that RDS DB instances should be included in a backup plan to ensure data recovery.

Rule: RDS DB instances should be in a backup plan
Framework: NIST 800-53 Revision 4
Severity: High

Rule Description:

RDS DB instances should be included in a backup plan to comply with NIST 800-53 Revision 4. This policy ensures data availability and recoverability in case of any incidents or disasters. The backup plan helps to protect sensitive information stored in the RDS database by regularly creating backups and retaining them for a specified period.

Troubleshooting Steps:

  1. Check Backup Configuration: Verify if backups are enabled for the RDS DB instances. Access the AWS Management Console and navigate to the RDS service. Open the specific DB instance page and check the backup settings. Ensure that backups are enabled and configured correctly.

  2. Check Backup Retention Period: Validate the backup retention period for the RDS DB instance. By default, RDS retains automated backups for a maximum of 35 days. If the retention period is less than the required timeframe, modify it to comply with the policy.

Necessary Code:

No specific code is needed for this policy. However, you might need to use AWS CLI commands to verify and modify backup configurations.

Remediation Steps:

  1. Modify Backup Configuration: If backups are not enabled for the RDS DB instance, use the following AWS CLI command to enable automated backups:

     aws rds modify-db-instance --db-instance-identifier <db-instance-identifier> --backup-retention-period <backup-retention-period>

     Replace <db-instance-identifier> with the actual identifier of the RDS DB instance and <backup-retention-period> with the desired backup retention period (e.g., 60 for 60 days).

  2. Ensure Sufficient Backup Retention Period: To set the backup retention period if it is less than the required time, use the following AWS CLI command:

     aws rds modify-db-instance --db-instance-identifier <db-instance-identifier> --backup-retention-period <backup-retention-period>

     Replace <db-instance-identifier> with the identifier of the RDS DB instance and <backup-retention-period> with the desired backup retention period.
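
The checks from the troubleshooting and remediation steps, as an added example (not Cloud Defense's own code): a Python script that audits the JSON returned by aws rds describe-db-instances for disabled or too-short automated backups and unencrypted storage, and builds the remediation command for each failing instance. The sample JSON, the instance names, the 7-day requirement and the helper names audit_backups and remediation_command are constructed for illustration.

```python
import json
import shlex

MAX_RETENTION_DAYS = 35  # maximum automated-backup retention, as stated on this page

# Constructed sample shaped like `aws rds describe-db-instances` output (not real data).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 14, "StorageEncrypted": true},
  {"DBInstanceIdentifier": "billing-prod", "BackupRetentionPeriod": 3, "StorageEncrypted": true},
  {"DBInstanceIdentifier": "legacy-reports", "BackupRetentionPeriod": 0, "StorageEncrypted": false}
]}
""")


def remediation_command(instance_id, days):
    """Build the modify-db-instance command shown in the remediation steps."""
    return ("aws rds modify-db-instance --db-instance-identifier "
            f"{shlex.quote(instance_id)} --backup-retention-period {days}")


def audit_backups(described, required_days):
    """Return one finding per DB instance that fails the backup checks."""
    if not 1 <= required_days <= MAX_RETENTION_DAYS:
        raise ValueError(f"required_days must be between 1 and {MAX_RETENTION_DAYS}")
    findings = []
    for db in described.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        retention = db.get("BackupRetentionPeriod", 0)
        issues = []
        if retention == 0:  # a retention period of 0 means automated backups are off
            issues.append("automated backups disabled")
        elif retention < required_days:
            issues.append(f"retention {retention}d is below required {required_days}d")
        if not db.get("StorageEncrypted", False):
            issues.append("storage not encrypted, so backups are not encrypted")
        if issues:
            fix = remediation_command(name, required_days) if retention < required_days else None
            findings.append({"instance": name, "issues": issues, "fix": fix})
    return findings


if __name__ == "__main__":
    # In practice: described = json.load(sys.stdin) fed from the AWS CLI.
    for f in audit_backups(SAMPLE, required_days=7):
        print(f["instance"], "->", "; ".join(f["issues"]))
        if f["fix"]:
            print("   ", f["fix"])
```

A requested retention above the 35-day maximum is rejected before any command is generated, so an out-of-range value is caught in the audit rather than at the API call.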

Additional Considerations:

  1. Testing Restores: It's crucial to periodically test the restore process from the backup to ensure the data can be recovered successfully. Create a test RDS environment using the restored backup and verify the data integrity.

  2. Backup Encryption: If the data stored in the RDS database is highly sensitive, consider enabling backup encryption to protect it from unauthorized access. You can configure backup encryption while creating or modifying the RDS DB instance.

  3. Monitoring Backups: Regularly monitor the backup process to ensure the backups are being created successfully and the retention period requirements are met. Implement alerts or notifications for any backup failures.

By following this rule/policy, you can ensure compliance with NIST 800-53 Revision 4 and improve the overall resilience and recoverability of your RDS DB instances.
