Enable RDS DB Instance Backup Rule

This rule ensures that RDS DB instance backup is enabled to maintain data integrity and security.

Rule: RDS DB instance backup should be enabled
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description:

To comply with NIST 800-53 Revision 5, the backup feature should be enabled for all RDS (Relational Database Service) DB instances. Enabling backups helps to ensure data integrity, availability, and recoverability in case of any issues or failures. This rule ensures that appropriate measures are in place to protect data stored in RDS DB instances.

Troubleshooting Steps:

If backups are not enabled for an RDS DB instance, follow these troubleshooting steps to enable it:

  1. Verify the current state of backup enablement for the RDS DB instance.
  2. Check the IAM (Identity and Access Management) permissions of the account used for managing the RDS instance; ensure that it has sufficient privileges to enable backups.
  3. Check for any existing scheduled backup window or snapshots that could conflict with enabling the backup feature.
  4. If the DB instance is in a maintenance or backup window, you may need to wait until it is completed before enabling backups.
  5. Check if the DB instance has the required storage space available to accommodate the backups.

Necessary Codes:

No specific code is required for this rule; remediation consists of enabling a feature in the AWS Management Console or with AWS CLI commands.

Step-by-Step Guide for Remediation:

To enable backups for an RDS DB instance, follow these step-by-step instructions:

  1. Open the AWS Management Console and navigate to the RDS service.
  2. From the left-hand menu, select "Databases" to view a list of your RDS DB instances.
  3. Choose the DB instance for which you want to enable backups.
  4. Under the "Maintenance & backups" tab, scroll down to the "Backup" section.
  5. Ensure that the "Backup retention period" is set to a value greater than 0. This value determines how long the backups should be retained.
  6. Check the "Automated backups" box to enable automated backups for the DB instance.
  7. Optionally, you can configure the "Backup window" to specify a preferred time slot for taking backups. This helps avoid any potential impact on ongoing database operations during backup processes.
  8. Click on the "Apply immediately" button to save the changes and enable backups for the selected RDS DB instance.
  9. Monitor the status of the DB instance to ensure that the changes are applied successfully.

Note: Enabling backups may have cost implications, as storage is required to store the backup files. Ensure that you have sufficient storage capacity or adjust the retention period accordingly.

CLI Command for Enabling Backups:

If you prefer using the AWS Command Line Interface (CLI), you can enable backups for an RDS DB instance using the following command:

aws rds modify-db-instance --db-instance-identifier <DB Instance Identifier> --backup-retention-period <Retention Period in days> --apply-immediately

Replace <DB Instance Identifier> with the actual identifier of your RDS DB instance and <Retention Period in days> with the desired number of days to retain backups.
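To apply the first and fourth troubleshooting steps across a whole account, the following added example (not CloudDefense or AWS code) reads `aws rds describe-db-instances` JSON, lists instances whose BackupRetentionPeriod is 0, and prints the modify-db-instance command shown above for each one that is ready to change. The `audit` function, the sample identifiers, the 7-day default, and the choice to hold back read replicas and instances that are not in the "available" state for manual review are assumptions of this example.

```python
import json
import shlex
import sys

# Constructed sample in the shape of `aws rds describe-db-instances` output.
# Identifiers are made up; only the fields the check reads are included.
SAMPLE = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
     "DBInstanceStatus": "available", "BackupRetentionPeriod": 0},
    {"DBInstanceIdentifier": "billing-prod", "Engine": "mysql",
     "DBInstanceStatus": "available", "BackupRetentionPeriod": 7},
    {"DBInstanceIdentifier": "orders-replica", "Engine": "postgres",
     "DBInstanceStatus": "available", "BackupRetentionPeriod": 0,
     "ReadReplicaSourceDBInstanceIdentifier": "orders-prod"},
    {"DBInstanceIdentifier": "legacy-db", "Engine": "mysql",
     "DBInstanceStatus": "backing-up", "BackupRetentionPeriod": 0},
]}


def audit(describe_output, retention_days=7):
    """Return (fix_commands, needs_review) for instances with backups disabled."""
    fix_commands, needs_review = [], []
    for db in describe_output.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        if db.get("BackupRetentionPeriod", 0) > 0:
            continue  # automated backups are already enabled
        source = db.get("ReadReplicaSourceDBInstanceIdentifier")
        status = db.get("DBInstanceStatus")
        if source:
            # Replicas default to 0; decide per policy whether they are in scope.
            needs_review.append((name, f"read replica of {source}"))
        elif status != "available":
            # Matches troubleshooting step 4: wait for the current operation.
            needs_review.append((name, f"status is {status}, retry later"))
        else:
            fix_commands.append(
                "aws rds modify-db-instance --db-instance-identifier "
                f"{shlex.quote(name)} --backup-retention-period "
                f"{int(retention_days)} --apply-immediately")
    return fix_commands, needs_review


if __name__ == "__main__":
    # Real input: aws rds describe-db-instances --output json | python audit.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    commands, review = audit(data)
    print("\n".join(commands))
    for name, reason in review:
        print(f"# review {name}: {reason}", file=sys.stderr)
```

The script only prints commands; nothing is modified until an operator reviews and runs them.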

Summary:

Enabling backups for RDS DB instances ensures compliance with NIST 800-53 Revision 5. Following the provided troubleshooting steps and using either the AWS Management Console or CLI commands, you can easily enable backups and protect the data stored in your RDS infrastructure. Always remember to monitor the status and storage usage of the DB instances after enabling backups.
