Rule: EFS File Systems Should Be in a Backup Plan

Rule Description:

Troubleshooting Steps (if applicable):

2. 1.

   Check EFS Permissions: Ensure that the appropriate IAM (Identity and Access Management) roles have the necessary permissions to perform backup and restore operations on EFS file systems.

4. 2.

   Verify EFS Mount Points: Double-check the mount points of your EFS file systems to ensure they are correctly configured. Incorrect mount points might prevent successful backup or restoration.

6. 3.

   Review AWS Backup Settings: Confirm that you have set up AWS Backup correctly for your EFS file systems. Ensure that the backup schedule, retention policies, and target storage locations are accurately configured.

8. 4.

   Monitor CloudWatch Logs: Check the CloudWatch Logs for any error messages or notifications related to EFS backup or restore operations. This can provide insights into the possible causes of failures.

10. 5.

    Contact AWS Support: If you have followed the above steps and are still experiencing issues, it is recommended to reach out to AWS support for further assistance. Provide them with relevant details about your backup plan, EFS file systems, and any error messages received for efficient troubleshooting.

Necessary Codes (if applicable):

Resources:
  MyEFSFileSystemBackupSelection:
    Type: AWS::Backup::BackupSelection
    Properties: 
      BackupPlanId: !Ref MyBackupPlan
      BackupSelection:
        ListOfTags:
          - ConditionKey: aws:efs:file-system-id
            ConditionType: STRINGEQUALS
            ConditionValue: fs-12345678
  
  MyBackupPlan:
    Type: AWS::Backup::BackupPlan
    Properties: 
      BackupPlan:
        BackupPlanName: MyEFSBackupPlan
        BackupPlanRule:
          RuleName: DailyBackup
          TargetBackupVault:
            Name: MyBackupVault
          ScheduleExpression: cron(0 12 * * ? *)
          Lifecycle:
            DeleteAfterDays: 30

fs-12345678

MyEFSBackupPlan

MyBackupVault

Step-by-Step Guide for Remediation:

2. 1.

   Identify EFS File Systems: Make a list of the EFS file systems that need to be included in the backup plan. Determine the criticality of each file system to prioritize backup frequency and retention policies.

4. 2.

   Set Up AWS Backup: If you haven't already, enable the AWS Backup service in your AWS account. This service allows you to create, manage, and monitor backup plans for various AWS resources, including EFS file systems.

6. 3.

   Create a Backup Vault: In the AWS Backup console, create a backup vault to store the EFS file system backups. Choose a meaningful name for the vault that reflects its purpose.

8. 4.

   Configure Backup Plan: Create a backup plan that defines the schedule, retention, and target vault for EFS file system backups. Use the AWS Management Console, AWS CLI, or AWS CloudFormation to create the backup plan.

10. 5.

    Add Backup Rules: Within the backup plan, define backup rules specifying which EFS file systems to include, their backup frequency, and how long to retain the backups. Use tags or file system IDs to select the EFS file systems for backup.

12. 6.

    Enable Backup: Once the backup plan and rules are defined, enable the backup for the EFS file systems. AWS Backup will automatically create and manage backups based on the defined plan and schedule.

14. 7.

    Monitor Backup Operations: Regularly monitor AWS Backup operations and ensure that EFS file system backups are happening according to the specified schedule. Review backup reports and logs for any potential issues.

16. 8.

    Validate and Test Restorations: Periodically validate the backup and restoration process by performing test restorations. Ensure that restored files are accurate and accessible. Document any deviations or improvements required.