Rule: RDS DB Instances Should be in a Backup Plan

This rule ensures that RDS DB instances are included in a backup plan for data protection.

Rule: RDS DB instances should be in a backup plan
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

Rule Description:

According to the NIST Cybersecurity Framework (CSF) v1, it is recommended to include RDS (Relational Database Service) DB instances in a backup plan. This ensures that data stored in the RDS instances is regularly backed up, minimizing the risk of data loss due to accidental deletion, hardware failure, or security incidents.

Troubleshooting Steps:

  1. Verify Backup Settings: Check if the RDS instance has an active automated backup enabled. To do this:

    • Open the Amazon RDS Management Console.
    • Navigate to the "DB Instances" page.
    • Select the specific RDS instance in question.
    • Go to the "Backup" tab and ensure that automated backups are enabled.

  2. Check Backup Retention Period: Confirm that the backup retention period is set appropriately based on your specific requirements. To verify and update the retention period:

    • Go to the "DB Instances" page in the Amazon RDS Management Console.
    • Select the relevant RDS instance.
    • Navigate to the "Backup" tab.
    • Adjust the backup retention period as desired.

  3. Verify Backup Window: Ensure that the backup window is defined to minimize any impact on production database performance. To check and modify the backup window:

    • Open the Amazon RDS Management Console.
    • Go to the "DB Instances" page.
    • Select the RDS instance.
    • Navigate to the "Backup" tab.
    • Adjust the backup window to a suitable time frame.

  4. Test Data Restoration: Perform a test data restoration to verify the backup and restoration process. This ensures that the backups are valid and can be restored when needed. You can follow these steps:

    • Create a test database or identify a non-production database where you can safely conduct tests.
    • Access the Amazon RDS Management Console.
    • Select the appropriate RDS instance.
    • Go to the "DB Snapshots" tab and choose the latest automated snapshot.
    • Click on "Restore Snapshot" and provide the necessary details for the test database.
    • Once restored, verify if the data is intact and usable.

Necessary Codes:

There are no specific codes required for this rule.

Step-by-Step Guide for Remediation:

  1. Open the Amazon RDS Management Console.
  2. Navigate to the "DB Instances" page.
  3. Identify the RDS instances that need to be included in the backup plan.
  4. For each identified instance:
    • Check if automated backups are enabled.
    • Adjust the backup retention period if necessary.
    • Modify the backup window to a suitable time frame.
    • Test the data restoration process on a non-production/test database.
  5. Confirm that all necessary RDS instances are now included in the backup plan.
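The console checks in the troubleshooting and remediation steps above (automated backups enabled, retention period, backup window) can be run across a whole account from the records that boto3's describe_db_instances returns. The script below is an added example, not part of the original rule. The 7-day minimum, the 08:00-18:00 UTC busy period, and the sample instances are assumptions constructed for illustration.

```python
from datetime import time

MIN_RETENTION_DAYS = 7                           # assumption: policy minimum
BUSY_START, BUSY_END = time(8, 0), time(18, 0)   # assumption: peak hours, UTC

# Constructed sample shaped like describe_db_instances()["DBInstances"].
SAMPLE = [
    {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 14,
     "PreferredBackupWindow": "03:00-03:30"},
    {"DBInstanceIdentifier": "analytics-dev", "BackupRetentionPeriod": 0,
     "PreferredBackupWindow": "09:00-09:30"},
    {"DBInstanceIdentifier": "billing-prod", "BackupRetentionPeriod": 3,
     "PreferredBackupWindow": "17:45-18:15"},
    {"DBInstanceIdentifier": "legacy-db", "BackupRetentionPeriod": 7,
     "PreferredBackupWindow": "23:45-00:15"},
]


def window_hits_busy_hours(window):
    """PreferredBackupWindow is 'hh24:mi-hh24:mi' in UTC and may wrap midnight."""
    start, end = (time.fromisoformat(t) for t in window.split("-"))
    if start <= end:
        return start < BUSY_END and BUSY_START < end
    # Wrapped window covers [start, 24:00) and [00:00, end).
    return start < BUSY_END or BUSY_START < end


def audit_instance(db):
    """Return the list of backup findings for one DB instance record."""
    retention = db.get("BackupRetentionPeriod", 0)
    if retention == 0:  # RDS treats a retention of 0 as automated backups off
        return ["automated backups disabled"]
    findings = []
    if retention < MIN_RETENTION_DAYS:
        findings.append(f"retention {retention}d below {MIN_RETENTION_DAYS}d")
    window = db.get("PreferredBackupWindow")
    if window and window_hits_busy_hours(window):
        findings.append(f"backup window {window} overlaps busy hours")
    return findings


def audit_all(instances):
    """Map instance identifier -> findings, for non-compliant instances only."""
    report = {db["DBInstanceIdentifier"]: audit_instance(db) for db in instances}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```

To audit live instances, pass the "DBInstances" list from each page of describe_db_instances to audit_all in place of SAMPLE.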

Note:

Implementing regular backups for RDS DB instances not only fulfills the NIST Cybersecurity Framework requirements, but it also provides an essential layer of protection against data loss and aids in disaster recovery efforts. Regularly reviewing and testing backup processes is crucial to ensure the reliability and availability of your databases.
