Rule for Protecting RDS DB Instance with Backup Plan

This rule ensures that RDS DB instances are protected by a backup plan.

Rule: RDS DB instance should be protected by backup plan
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

RDS DB instances should be protected by a backup plan to adhere to the security requirements set by NIST 800-53 Revision 5. This rule ensures that critical data stored in RDS DB instances is backed up regularly to minimize the risk of data loss and to support disaster recovery efforts.

Troubleshooting Steps:

If the RDS DB instance is not protected by an active backup plan, follow these troubleshooting steps:

  1. Verify Backup Settings: Check the backup settings of the RDS DB instance to confirm if a backup plan is in place. Ensure that automated backups are enabled and configured correctly.

  2. Review IAM Permissions: Make sure that the AWS Identity and Access Management (IAM) user or role associated with the RDS DB instance has the necessary permissions to perform backup operations.

  3. Check Backup Retention Period: Verify that the backup retention period is set appropriately based on your business requirements. Ensure that backups are retained for a sufficient duration to enable point-in-time recovery if needed.

  4. Confirm Backup Storage: Ensure that the backups are stored securely in an encrypted and durable storage location such as Amazon S3. Confirm that the appropriate storage configuration is in place.

  5. Test Backup and Restore Process: Perform a test backup and restore operation to validate the backup plan and ensure that data can be successfully restored if required.

Necessary Codes:

No specific code is required for this rule. However, you can use the AWS Command Line Interface (CLI) to manage backup-related settings for your RDS DB instances.
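The troubleshooting checks above (automated backups enabled, retention period, encryption, backup coverage) can be evaluated from CLI output. The following is an added example, not code from the original page: the function name, the 7-day minimum retention, and the reading of "protected by a backup plan" as "listed among AWS Backup protected resources" are assumptions, and both JSON samples are constructed.

```python
import json

# Constructed sample in the shape of `aws rds describe-db-instances` output.
DESCRIBE_DB_INSTANCES = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "BackupRetentionPeriod": 7, "StorageEncrypted": true,
   "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:orders-db"},
  {"DBInstanceIdentifier": "reports-db", "BackupRetentionPeriod": 0, "StorageEncrypted": false,
   "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:reports-db"},
  {"DBInstanceIdentifier": "staging-db", "BackupRetentionPeriod": 1, "StorageEncrypted": true,
   "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:staging-db"}
]}""")

# Constructed sample in the shape of `aws backup list-protected-resources` output.
LIST_PROTECTED_RESOURCES = json.loads("""
{"Results": [
  {"ResourceArn": "arn:aws:rds:us-east-1:111122223333:db:orders-db", "ResourceType": "RDS"},
  {"ResourceArn": "arn:aws:rds:us-east-1:111122223333:db:staging-db", "ResourceType": "RDS"}
]}""")


def audit_rds_backups(instances_doc, protected_doc, min_retention_days=7):
    """Return {instance id: [findings]} for instances failing a backup check.

    min_retention_days is an assumed policy value; set it from your own RPO.
    """
    protected = {r["ResourceArn"] for r in protected_doc.get("Results", [])
                 if r.get("ResourceType") == "RDS"}
    report = {}
    for db in instances_doc.get("DBInstances", []):
        findings = []
        retention = db.get("BackupRetentionPeriod", 0)
        if retention == 0:  # a retention period of 0 turns automated backups off
            findings.append("automated backups disabled")
        elif retention < min_retention_days:
            findings.append(f"retention {retention}d below {min_retention_days}d")
        if not db.get("StorageEncrypted", False):  # backups inherit instance encryption
            findings.append("storage and backups not encrypted")
        if db["DBInstanceArn"] not in protected:
            findings.append("not an AWS Backup protected resource")
        if findings:
            report[db["DBInstanceIdentifier"]] = findings
    return report


if __name__ == "__main__":
    for name, issues in audit_rds_backups(DESCRIBE_DB_INSTANCES, LIST_PROTECTED_RESOURCES).items():
        print(f"{name}: " + "; ".join(issues))
```

To audit a real account, replace the two samples with the JSON returned by `aws rds describe-db-instances` and `aws backup list-protected-resources`.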

Step-by-Step Guide for Remediation:

  1. Open the AWS Management Console and navigate to the Amazon RDS service.

  2. Select the desired RDS DB instance that needs to be protected by a backup plan.

  3. Click on "Modify" to modify the DB instance settings.

  4. In the "Backup" section, ensure that the "Backup retention period" is set to an appropriate value based on your business requirements. This value determines how long automated backups are retained. Choose a value that provides an acceptable recovery time objective (RTO) and recovery point objective (RPO).

  5. Enable automated backups if they are not already enabled. This ensures that regular backups are taken automatically.

  6. Configure the "Backup window" during the least active period for your application to minimize impact. This is the time range during which automated backups are taken.

  7. Verify that "Backup creation" is set to "Enabled."

  8. Review and modify other backup-related settings as per your requirements, such as "Backup retention period," "Backup IAM role," "Backup deletion protection," etc.

  9. Save the changes to apply the new backup settings to the RDS DB instance.

  10. Periodically monitor the backup status and ensure that backups are being created successfully.

  11. Perform periodic tests by initiating a backup and restore process to ensure the integrity and availability of your data.

Following these steps will ensure that your RDS DB instance is protected by a backup plan compliant with NIST 800-53 Revision 5 guidelines.
