Rule: RDS Aurora Clusters Protected by Backup Plan

Ensure RDS Aurora clusters are protected by a backup plan as per Protect (PR) control.

Rule: RDS Aurora clusters should be protected by backup plan
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Medium

Rule Description: RDS Aurora clusters should be protected by a backup plan for NIST Cybersecurity Framework (CSF) v1

NIST Cybersecurity Framework (CSF) v1 provides a set of best practices to manage and improve the cybersecurity posture of organizations. One of the key recommendations is to have a robust backup plan in place to protect critical data. This rule focuses on ensuring that RDS Aurora clusters, a scalable and highly available relational database service provided by AWS, have a backup plan implemented in accordance with the CSF guidelines.

Troubleshooting steps:

  1. Verify RDS Aurora backup configuration:

    • Access the AWS Management Console and navigate to the RDS service.
    • Select the appropriate Aurora cluster.
    • Go to the "Backup & Restore" section and check the backup settings.
    • Ensure that automated backups are enabled, and a retention period is set according to your organization's data retention policy.

  2. Check backup frequency:

    • Assess the frequency of automated backups and evaluate if it aligns with your organization's Recovery Point Objective (RPO).
    • Identify if additional manual backups are required for critical databases that need to be backed up more frequently than the automated backup frequency.

  3. Verify backup storage:

    • Evaluate the allocated storage capacity for backups and ensure it is sufficient to accommodate the required number of backups.
    • Confirm that backups are stored in a separate AWS region or a geographically isolated location to protect against regional failures or disasters.

Necessary Codes:

No specific code is required for this rule. However, you may need to run AWS CLI commands to configure or verify the backup settings if this cannot be done through the console.
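The verification steps above can also be scripted against saved CLI output. The following is an added example, not code from the original page: it audits JSON shaped like the output of `aws rds describe-db-clusters` and `aws backup list-protected-resources`. The sample data, the `audit` function, and the 7-day retention and 24-hour RPO thresholds are constructed assumptions, as is treating a cluster as protected when its ARN appears among AWS Backup's protected resources.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `aws rds describe-db-clusters` output.
CLUSTERS_JSON = """{"DBClusters": [
 {"DBClusterIdentifier": "orders-prod", "Engine": "aurora-mysql",
  "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:orders-prod",
  "BackupRetentionPeriod": 14},
 {"DBClusterIdentifier": "reports-dev", "Engine": "aurora-postgresql",
  "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:reports-dev",
  "BackupRetentionPeriod": 1},
 {"DBClusterIdentifier": "legacy-mysql", "Engine": "mysql",
  "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:legacy-mysql",
  "BackupRetentionPeriod": 7}]}"""

# Constructed sample shaped like `aws backup list-protected-resources` output.
PROTECTED_JSON = """{"Results": [
 {"ResourceArn": "arn:aws:rds:us-east-1:111122223333:cluster:orders-prod",
  "ResourceType": "Aurora", "LastBackupTime": "2024-05-01T03:10:00+00:00"}]}"""

def audit(clusters_json, protected_json, min_retention_days=7,
          rpo_hours=24, now=None):
    """Return {cluster_id: [issues]}; thresholds are hypothetical policy values."""
    now = now or datetime.now(timezone.utc)
    protected = {r["ResourceArn"]: r
                 for r in json.loads(protected_json)["Results"]}
    findings = {}
    for c in json.loads(clusters_json)["DBClusters"]:
        if not c["Engine"].startswith("aurora"):
            continue  # the rule only covers Aurora clusters
        issues = []
        if c["BackupRetentionPeriod"] < min_retention_days:
            issues.append("retention_below_policy")
        entry = protected.get(c["DBClusterArn"])
        if entry is None:
            # Assumption: absence from AWS Backup's protected resources
            # means no backup plan has produced a recovery point for it.
            issues.append("not_in_backup_plan")
        else:
            last = entry.get("LastBackupTime")
            if last is None or (now - datetime.fromisoformat(last)
                                ).total_seconds() > rpo_hours * 3600:
                issues.append("last_backup_older_than_rpo")
        findings[c["DBClusterIdentifier"]] = issues
    return findings

if __name__ == "__main__":
    print(audit(CLUSTERS_JSON, PROTECTED_JSON))
```

An empty issue list means the cluster passed all three checks; pass a fixed `now` to make runs reproducible.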

Step-by-Step Guide for Remediation:

  1. Navigate to the RDS service in the AWS Management Console.

  2. Select the appropriate Aurora cluster that needs to be protected by a backup plan.

  3. Click on the "Backup & Restore" tab in the cluster details.

  4. Enable automated backups if not already enabled:

    • If automated backups are disabled, click on the "Modify" button.
    • Set the "Backup retention period" according to your organization's data retention policy, considering regulatory requirements and business needs.
    • Click on "Apply immediately" and then "Modify cluster" to save the changes.

  5. Review backup frequency:

    • Ensure that the automated backup frequency aligns with your organization's Recovery Point Objective (RPO).
    • If additional manual backups are required for critical databases, utilize the AWS CLI or AWS SDKs to create manual backups as needed.

  6. Evaluate backup storage capacity:

    • Review the allocated storage capacity for backups and ensure it is sufficient to retain the required number of backups.
    • If additional storage capacity is needed, access the cluster settings and modify the storage capacity accordingly.

  7. Ensure geographic redundancy:

    • Confirm that backups are stored in a separate AWS region or a geographically isolated location to protect against regional failures or disasters.
    • If needed, leverage AWS's cross-region automated backups to store backups in a different region.

  8. Periodically review and test the backup plan:

    • Regularly review the backup plan to ensure it aligns with the evolving data protection requirements of your organization.
    • Periodically test the restoration process from backups to validate the integrity and recoverability of the backed-up data.

By following the above steps, you will effectively implement a backup plan for RDS Aurora clusters in compliance with the NIST Cybersecurity Framework version 1.
