
Rule: EC2 Instances Should Be Protected by Backup Plan

This rule ensures that EC2 instances have a backup plan for data protection.

Rule: EC2 instances should be protected by backup plan
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Medium

EC2 Backup Compliance with NIST Cybersecurity Framework (CSF) v1

Ensuring that Amazon EC2 instances are compliant with the NIST Cybersecurity Framework involves implementing a stringent backup plan. The framework suggests maintaining the resilience of systems, which includes robust data backup strategies.

Rule / Policy Description

For EC2 instances, protecting data requires a backup schedule that aligns with the organization's Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). The backups should be automated, secure, and tested regularly.

Troubleshooting Steps

If backups fail or are non-compliant, follow these steps:

  1. Check Backup Configurations: Verify that the backup jobs are correctly configured according to the backup policy.
  2. Review IAM Permissions: Ensure that the AWS Identity and Access Management (IAM) roles have the necessary permissions to execute backups.
  3. Monitor CloudWatch Logs: Inspect Amazon CloudWatch logs for any error messages related to backup processes.
  4. Validate Network Connectivity: Ensure the instance has network connectivity to reach backup targets.

Necessary Codes

To automate backups, use AWS Backup, or script EBS snapshot lifecycle policies with Amazon Data Lifecycle Manager (DLM).

AWS CLI Commands for DLM:

# Create a backup policy (replace EXECUTION_ROLE_ARN with the IAM role DLM assumes)
aws dlm create-lifecycle-policy --description "DailyBackups" --state ENABLED --execution-role-arn EXECUTION_ROLE_ARN --policy-details file://policy-details.json

# Example policy-details.json: snapshot every EBS volume tagged Backup=True daily at 03:00 UTC, keeping the 7 most recent snapshots
{
   "PolicyType": "EBS_SNAPSHOT_MANAGEMENT",
   "ResourceTypes": [
      "VOLUME"
   ],
   "TargetTags": [
      {
         "Key": "Backup",
         "Value": "True"
      }
   ],
   "Schedules": [
      {
         "Name": "DailyBackups",
         "TagsToAdd": [
            {
               "Key": "Backup",
               "Value": "Daily"
            }
         ],
         "CreateRule": {
            "Interval": 24,
            "IntervalUnit": "HOURS",
            "Times": ["03:00"]
         },
         "RetainRule": {
            "Count": 7
         },
         "CopyTags": false
      }
   ]
}

Step by Step Guide for Remediation

  1. Set Up AWS Backup:
     • Navigate to the AWS Backup console.
     • Create a new backup plan or select a pre-built template that complies with NIST CSF.
     • Configure backup rules (frequency, lifecycle, etc.).
     • Assign resources to the backup plan by tagging EC2 instances.
  2. Configure DLM Policies (optional if using AWS Backup):
     • Create an IAM role for DLM with required permissions.
     • Use the AWS CLI to create lifecycle policies, specifying intervals and retention rules.
  3. Regular Compliance Checks:
     • Schedule routine checks to ensure the backups meet required compliance standards.
     • Use AWS Config to set compliance rules and receive alerts.
  4. Test Recovery Procedures:
     • Perform regular test restorations to ensure the integrity and effectiveness of your backups.
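The routine compliance check in step 3 can be scripted against CLI output: the script below (an added example, not part of this page or any vendor tool) compares the instance IDs from `aws ec2 describe-instances` with the EC2 ARNs that `aws backup list-protected-resources` reports, and flags any instance with no AWS Backup recovery point. The sample JSON is constructed; note that a resource only appears in the protected list after its first backup job has completed, so a freshly assigned instance shows as non-compliant until then.

```python
"""Offline check: which EC2 instances have no AWS Backup recovery point?"""
import json

# Constructed sample in the shape of `aws ec2 describe-instances` (fields trimmed).
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa111", "State": {"Name": "running"}},
  {"InstanceId": "i-0bbb222", "State": {"Name": "running"}},
  {"InstanceId": "i-0ccc333", "State": {"Name": "terminated"}}
]}]}
""")

# Constructed sample in the shape of `aws backup list-protected-resources`.
SAMPLE_PROTECTED_RESOURCES = json.loads("""
{"Results": [
  {"ResourceArn": "arn:aws:ec2:us-east-1:123456789012:instance/i-0aaa111", "ResourceType": "EC2"},
  {"ResourceArn": "arn:aws:ec2:us-east-1:123456789012:volume/vol-0ddd444", "ResourceType": "EBS"}
]}
""")


def instance_ids(describe_output, skip_states=("terminated", "shutting-down")):
    """Flatten Reservations -> Instances, ignoring instances that no longer need protection."""
    ids = set()
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") not in skip_states:
                ids.add(inst["InstanceId"])
    return ids


def protected_instance_ids(protected_output):
    """Instance IDs taken from the EC2-type ARNs in AWS Backup's protected-resource list."""
    ids = set()
    for res in protected_output.get("Results", []):
        if res.get("ResourceType") == "EC2":
            ids.add(res["ResourceArn"].rsplit("/", 1)[-1])
    return ids


def unprotected_instances(describe_output, protected_output):
    """Live instances with no recovery point under any backup plan: a rule violation."""
    return sorted(instance_ids(describe_output) - protected_instance_ids(protected_output))


if __name__ == "__main__":
    for iid in unprotected_instances(SAMPLE_DESCRIBE_INSTANCES, SAMPLE_PROTECTED_RESOURCES):
        print(f"NON_COMPLIANT {iid}: not protected by any AWS Backup plan")
```

For a real account, feed the two JSON documents from the CLI into the two functions; the EBS-only entry in the sample shows why the check filters on ResourceType rather than on every ARN.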

Implementing this backup strategy provides data resilience and supports the integrity and availability aspects of the NIST CSF. By following the steps above and automating the backup processes, you ensure that your EC2 instances are adequately protected and recoverable in the event of an incident, which is essential for meeting the NIST CSF's goals.
