Ensure that RDS DB instances are included in a backup plan for data protection and recovery purposes.
Rule | RDS DB instances should be in a backup plan |
Framework | RBI Cyber Security Framework |
Severity | ✔ High |
Rule: RDS DB instances should be in a backup plan for RBI Cyber Security Framework
Description:
As per the RBI (Reserve Bank of India) Cyber Security Framework, it is mandatory to have a backup plan for all RDS (Relational Database Service) DB instances. A backup plan ensures the availability and recoverability of critical data in case of any unforeseen events, such as system failures, accidental deletions, or security breaches. This rule aims to protect and safeguard the data stored in RDS DB instances against any potential loss or damage.
Troubleshooting Steps:
If you encounter any issues related to the backup plan for RDS DB instances, follow these troubleshooting steps to rectify them:
Issue: Backup plan not implemented.
Issue: Backup plan misconfiguration.
Issue: Backup failures.
Necessary Codes:
The following AWS CLI commands can be used to configure and manage the backup plan for RDS DB instances:
aws rds modify-db-instance --db-instance-identifier <db-instance-identifier> --backup-retention-period <retention-period>
Note: Replace
<db-instance-identifier>
with the actual ID of the RDS DB instance and <retention-period>
with the desired number of days to retain backups.aws rds describe-db-instances --db-instance-identifier <db-instance-identifier> --query "DBInstances[].BackupRetentionPeriod"
Note: Replace
<db-instance-identifier>
with the actual ID of the RDS DB instance.aws rds describe-db-instances --db-instance-identifier <db-instance-identifier> --query "DBInstances[].BackupWindow"
Note: Replace
<db-instance-identifier>
with the actual ID of the RDS DB instance.Step-by-Step Guide for Remediation:
Follow the steps below to ensure compliance with the RBI Cyber Security Framework regarding the backup plan for RDS DB instances:
Identify the RDS DB instances that need to be included in the backup plan.
Enable automated backups for each RDS DB instance using the AWS CLI command mentioned above:
aws rds modify-db-instance --db-instance-identifier my-db-instance --backup-retention-period 7
(This sets the retention period to 7 days. Adjust the value as per your requirements.)Verify the backup settings for each RDS DB instance using the AWS CLI command:
aws rds describe-db-instances --db-instance-identifier my-db-instance --query "DBInstances[].BackupRetentionPeriod"
Validate the automated backup schedule for each RDS DB instance using the AWS CLI command:
aws rds describe-db-instances --db-instance-identifier my-db-instance --query "DBInstances[].BackupWindow"
Monitor the backups regularly to ensure they are successfully executed without any failures.
If any backup issues occur, follow the troubleshooting steps mentioned above to rectify them.
By following these steps, you will ensure that all RDS DB instances are properly included in a backup plan as required by the RBI Cyber Security Framework, protecting critical data and ensuring business continuity.