Protect RDS DB Instance by Backup Plan Rule

Ensure RDS DB instances are protected by a backup plan for compliance

Rule: RDS DB instance should be protected by backup plan
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

Rule Description:

RDS DB instances should be protected by a backup plan to meet NIST Cybersecurity Framework (CSF) v1.1. This rule ensures that backups are in place to protect against data loss or corruption in the event of hardware failure, accidental deletion, or system compromise. Implementing a backup plan is crucial for complying with NIST CSF guidelines and ensuring the availability and recoverability of critical database data.

Troubleshooting Steps:

  1. Verify if a backup plan is already in place for the RDS DB instance by checking the AWS Management Console or using the AWS CLI.
  2. If no backup plan exists, proceed with the following steps to create one.

Remediation:

Follow the step-by-step guide below to create a backup plan for an RDS DB instance:

Step 1: Access the AWS Management Console

  1. Log in to the AWS Management Console with appropriate IAM credentials.

Step 2: Navigate to Amazon RDS

  1. In the AWS Management Console, search for "RDS" in the service search bar and select "Amazon RDS" from the results.

Step 3: Select the RDS DB Instance

  1. From the list of RDS DB instances, select the instance for which you want to create a backup plan.

Step 4: Enable Automated Backups

  1. In the RDS instance details page, navigate to the "Backup" tab.
  2. Check if "Automated backups" is enabled. If not, enable it by selecting the appropriate retention period for backups.
  3. Specify the backup window during which automated backups should occur.

Step 5: Configure Backup Retention Period

  1. Specify the desired retention period for automated backups. Follow the NIST Cybersecurity Framework (CSF) guideline for an appropriate retention period based on your organization's requirements.
  2. Consider factors such as compliance regulations, business impact, and recovery objectives when determining the retention period.
  3. Click "Apply" to save the changes.

Step 6: Configure Backup Maintenance Window

  1. Specify a suitable maintenance window during which backups will be performed. This should be a time when there is minimal impact on database activity.
  2. Follow the NIST Cybersecurity Framework (CSF) guideline for setting a maintenance window that aligns with your organization's operational needs.
  3. Click "Apply" to save the changes.

Step 7: Review and Confirm

  1. Review the backup plan configuration and ensure it aligns with the NIST Cybersecurity Framework (CSF) requirements.
  2. Click "Save" or "Apply" to initiate the backup plan creation.

CLI Commands (If applicable):

If you prefer using the AWS CLI, you can execute the following command to enable automated backups and set the retention period:

aws rds modify-db-instance --db-instance-identifier <instance-identifier> --backup-retention-period <retention-days> --apply-immediately

Replace <instance-identifier> with the identifier of your RDS DB instance, and <retention-days> with the desired number of days for the backup retention period. The --apply-immediately flag ensures immediate application of the changes.
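To run the verification step across every instance instead of one at a time, the following added example (not CloudDefense's own code) audits the JSON printed by `aws rds describe-db-instances --output json` and emits the command above for each instance that falls short. The 7-day minimum and the sample instance names are assumptions constructed for illustration.

```python
import json
import shlex
import sys

RDS_MAX_RETENTION_DAYS = 35  # RDS accepts 0-35; 0 turns automated backups off

# Constructed sample shaped like `aws rds describe-db-instances --output json`.
SAMPLE = {
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 0},
        {"DBInstanceIdentifier": "billing-prod", "BackupRetentionPeriod": 3},
        {"DBInstanceIdentifier": "audit-prod", "BackupRetentionPeriod": 14},
    ]
}


def audit_backups(describe_output, min_days=7):
    """Return one finding per instance whose retention is below min_days."""
    if not 1 <= min_days <= RDS_MAX_RETENTION_DAYS:
        raise ValueError("min_days must be between 1 and 35")
    findings = []
    for db in describe_output.get("DBInstances", []):
        # A missing field is treated as 0 so the instance fails closed.
        days = int(db.get("BackupRetentionPeriod", 0))
        if days >= min_days:
            continue
        findings.append({
            "instance": db["DBInstanceIdentifier"],
            "retention_days": days,
            "reason": "automated backups disabled" if days == 0
                      else f"retention below {min_days} days",
            "fix": remediation_command(db["DBInstanceIdentifier"], min_days),
        })
    return findings


def remediation_command(instance_id, days):
    """Build the modify-db-instance command from this page, shell-quoted."""
    return ("aws rds modify-db-instance --db-instance-identifier "
            f"{shlex.quote(instance_id)} --backup-retention-period {int(days)} "
            "--apply-immediately")


if __name__ == "__main__":
    # Pipe real CLI output in, or run with no input to use the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for f in audit_backups(data):
        print(f"{f['instance']}: {f['reason']} ({f['retention_days']}d)\n  {f['fix']}")
```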

Note:

Regularly test the backup and recovery process to ensure its effectiveness and verify if the backups are being performed successfully. It is also essential to securely store the backups in a separate location to prevent data loss in the event of a disaster or compromise.
