Login

Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: RDS Aurora Clusters Should Be Protected by Backup Plan

This rule ensures that RDS Aurora clusters are protected by a backup plan for data recovery and security.

RuleRDS Aurora clusters should be protected by backup plan
FrameworkNIST Cybersecurity Framework (CSF) v1.1
Severity
Medium

Rule Description:

RDS Aurora clusters should be protected by a backup plan for NIST Cybersecurity Framework (CSF) v1. This rule ensures the implementation of a backup strategy for Aurora database clusters, which is crucial for data protection and disaster recovery purposes. The NIST Cybersecurity Framework provides guidelines for organizations to manage and secure their information systems effectively.

Troubleshooting Steps:

If a backup plan is not in place for RDS Aurora clusters, the following troubleshooting steps can be taken:

  2. 1.

    Check the current backup policy: Verify the backup policy for the Aurora cluster by reviewing the RDS cluster settings in the AWS Management Console or using the AWS Command Line Interface (CLI) command: 

    aws rds describe-db-clusters --db-cluster-identifier <cluster-identifier>
    .

  4. 2.

    Verify backup retention period: Ensure that the backup retention period aligns with the organization's requirements. The retention period specifies how long automated backups are retained before being deleted. It can be modified using the AWS Management Console or the CLI command: 

    aws rds modify-db-cluster --db-cluster-identifier <cluster-identifier> --backup-retention-period <days>
    .

  6. 3.

    Confirm automated backups: Check if automated backups are enabled for the Aurora cluster. If not, enable them using the AWS Management Console or the CLI command: 

    aws rds modify-db-cluster --db-cluster-identifier <cluster-identifier> --backup-retention-period <days>
    .

  8. 4.

    Configure a backup window: Ensure that a preferred backup window is set to avoid disrupting critical operations during backup periods. The backup window can be configured using the AWS Management Console or the CLI command: 

    aws rds modify-db-cluster --db-cluster-identifier <cluster-identifier> --preferred-backup-window <window>
    . Replace 
    <window>
    with the desired backup window timeframe.

  10. 5.

    Test backup and restore procedures: Periodically test the backup and restore procedures to ensure they work effectively. Create a test environment using a copy of the production Aurora cluster and restore data from a backup to verify its integrity.

Necessary Codes:

The following AWS CLI commands can be utilized to configure backup settings for an RDS Aurora cluster:

  2. 1.
    To set the backup retention period:
aws rds modify-db-cluster --db-cluster-identifier <cluster-identifier> --backup-retention-period <days>

Replace 

<cluster-identifier>
with the identifier of the Aurora cluster and 
<days>
with the desired number of days to retain backups.

  2. 1.
    To enable automated backups:
aws rds modify-db-cluster --db-cluster-identifier <cluster-identifier> --backup-retention-period <days>

Use the same placeholders as mentioned above.

  2. 1.
    To configure a preferred backup window:
aws rds modify-db-cluster --db-cluster-identifier <cluster-identifier> --preferred-backup-window <window>

Replace 

<cluster-identifier>
with the identifier of the Aurora cluster and 
<window>
with the preferred backup window timeframe.

Step-by-Step Guide for Remediation:

Follow the steps below to remediate the rule violation for protecting RDS Aurora clusters with a backup plan:

  2. 1.

    Assess the current backup policy:

    • Log in to the AWS Management Console.
    • Navigate to the Amazon RDS dashboard.
    • Select the Aurora database cluster requiring the backup plan.
  4. 2.

    Set the backup retention period:

    • From the cluster view, click on "Modify" to edit the cluster settings.
    • Locate the "Backup retention period" option and enter the desired number of days to retain backups.
    • Save the changes.
  6. 3.

    Enable automated backups:

    • If automated backups are not already enabled, access the cluster's modification page as described above.
    • Under the "Backup retention period" option, enable automated backups.
    • Save the changes.
  8. 4.

    Configure a preferred backup window:

    • Locate the "Backup window" option in the cluster's settings.
    • Specify the preferred backup window timeframe (e.g., daily from 02:00 AM to 04:00 AM).
    • Save the changes.
  10. 5.

    Test backup and restore procedures:

    • Create a test environment or use a non-production Aurora cluster identical to the production environment.
    • Restore data from a backup to verify its integrity.
    • Document the backup and restore procedures for future reference.

By following these steps and ensuring the backup plan aligns with the NIST Cybersecurity Framework guidelines, you can successfully protect RDS Aurora clusters with an appropriate backup strategy.

Is your System Free of Underlying Vulnerabilities?
Find Out Now