Rule: RDS DB Instances Should Be in a Backup Plan

Ensure that RDS DB instances are included in a backup plan for data protection.

Rule: RDS DB instances should be in a backup plan
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

RDS DB Instances Backup Compliance with NIST Cybersecurity Framework v1

Amazon Relational Database Service (RDS) is a managed database service that makes it easier to set up, operate, and scale a relational database in the cloud. Ensuring that RDS DB instances are included in backup plans is a foundational aspect of maintaining data integrity and availability, which aligns with the NIST Cybersecurity Framework (CSF) Version 1.

Understanding the Rule

Backup Requirements

According to NIST CSF v1, organizations must implement data backup strategies as part of the Protect Function, specifically within the Data Security category. The framework advises that data be backed up regularly and that backups be tested to confirm data integrity and successful restoration.

RDS Specifics

For Amazon RDS, backups can be automated or manually executed. Automated backups occur within a defined backup window, while manual snapshots can be done at any desired time.

Troubleshooting Backup Issues

Common issues with RDS backups include:

  • Backup jobs not triggering as scheduled
  • Failed backup jobs
  • Incomplete backups

To troubleshoot these issues, consider the following steps:

  1. Confirm that the RDS instance is properly configured for backups.
  2. Ensure that the backup window does not conflict with heavy load periods.
  3. Check RDS events and logs for any error messages related to backup operations.
  4. Verify available storage space, as lack of space can cause backup failures.
  5. If using manual snapshots, confirm that they are being initiated correctly.

Remediation Steps

To ensure compliance with NIST CSF v1 for RDS backups, follow these steps:

Step 1: Enable Automated Backups

Use the AWS Management Console or AWS CLI to enable automated backups:

aws rds modify-db-instance \
--db-instance-identifier mydbinstance \
--backup-retention-period 7 \
--preferred-backup-window 22:00-23:00 \
--apply-immediately

Fields:

  • mydbinstance: The name of your RDS instance.
  • backup-retention-period: The number of days to retain the backup. The value '7' represents 7 days.
  • preferred-backup-window: The time window when backups should occur. This example sets it to 10 PM to 11 PM (the window is interpreted in UTC).

Step 2: Test Restores

It's critical to test restores periodically to ensure that the backup data is usable in the event of a disaster:

aws rds restore-db-instance-from-db-snapshot \
--db-instance-identifier mytestdbinstance \
--db-snapshot-identifier mydbsnapshot

Fields:

  • mytestdbinstance: The name of the new RDS instance for testing the restore process.
  • mydbsnapshot: The identifier for the DB snapshot to restore from.

Step 3: Monitor Backup Activity

Monitoring is essential to ensure that backups are occurring as expected:

aws rds describe-events \
--source-type db-instance \
--source-identifier mydbinstance \
--start-time $(date -u +"%Y-%m-%dT%H:%M:%SZ" -d "-1 days") \
--duration 1440

Fields:

  • mydbinstance: The name of your RDS instance.
  • The start-time and duration parameters specify a 24-hour window for the events you want to review.

Step 4: Implement Backup Retention Policies

Ensure automated snapshot retention policies are compliant with organizational standards and NIST recommendations:

aws rds modify-db-instance \
--db-instance-identifier mydbinstance \
--backup-retention-period 10 \
--apply-immediately

Fields:

  • backup-retention-period: Set this to the required retention period as per the organization's policies.
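
To find which instances still need the remediation steps above, the following added example (not part of the original page or of any vendor tooling) audits the JSON that `aws rds describe-db-instances` returns. The instance names, timestamps, 7-day minimum and 1-hour restore-lag threshold are assumptions chosen for illustration, and timestamps are assumed to carry a numeric UTC offset.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape returned by `aws rds describe-db-instances`
# (instance names and timestamps are made up for illustration).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 7,
   "PreferredBackupWindow": "22:00-23:00",
   "LatestRestorableTime": "2024-05-01T11:55:00+00:00"},
  {"DBInstanceIdentifier": "reports-dev", "BackupRetentionPeriod": 0,
   "PreferredBackupWindow": "03:00-03:30"},
  {"DBInstanceIdentifier": "billing-prod", "BackupRetentionPeriod": 3,
   "PreferredBackupWindow": "22:00-23:00",
   "LatestRestorableTime": "2024-04-29T09:00:00+00:00"}
]}
""")

def audit_backups(described, now, min_retention_days=7,
                  max_restore_lag=timedelta(hours=1)):
    """Return (instance, finding) tuples for instances that break policy."""
    findings = []
    for db in described.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        retention = db.get("BackupRetentionPeriod", 0)
        if retention == 0:
            # A retention period of 0 means automated backups are disabled.
            findings.append((name, "automated backups disabled"))
            continue
        if retention < min_retention_days:
            findings.append((name, f"retention {retention}d < {min_retention_days}d"))
        # A stale restorable time suggests backups or log shipping have stalled.
        latest = db.get("LatestRestorableTime")
        if latest is None:
            findings.append((name, "no restorable time reported"))
        elif now - datetime.fromisoformat(latest) > max_restore_lag:
            findings.append((name, "latest restorable time is stale"))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed for the sample
    for name, finding in audit_backups(SAMPLE, now):
        print(f"{name}: {finding}")
```

Against a live account, replace SAMPLE with the parsed output of `aws rds describe-db-instances --output json` and pass the current UTC time as `now`.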

Conclusion

By following the steps outlined, you can ensure that your RDS DB instances align with NIST CSF v1 recommendations for data backup. Regularly auditing and updating your backup procedures is essential to maintain a robust cybersecurity posture. With these practices in place, RDS backups will contribute to the overall resilience of your cloud infrastructure against data loss and downtime.
