Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: RDS DB Instances Should Be in a Backup Plan

Ensure that RDS DB instances are included in a backup plan for data protection and recovery purposes.

RuleRDS DB instances should be in a backup plan
FrameworkRBI Cyber Security Framework
Severity
High

Rule: RDS DB instances should be in a backup plan for RBI Cyber Security Framework

Description:

As per the RBI (Reserve Bank of India) Cyber Security Framework, it is mandatory to have a backup plan for all RDS (Relational Database Service) DB instances. A backup plan ensures the availability and recoverability of critical data in case of any unforeseen events, such as system failures, accidental deletions, or security breaches. This rule aims to protect and safeguard the data stored in RDS DB instances against any potential loss or damage.

Troubleshooting Steps:

If you encounter any issues related to the backup plan for RDS DB instances, follow these troubleshooting steps to rectify them:

  1. 1.

    Issue: Backup plan not implemented.

    • Troubleshooting Steps:
      • Make sure that backup settings are configured for each RDS DB instance.
      • Verify that the backup retention period is set to an appropriate value.
      • Check if the automated backup schedule is enabled.
  2. 2.

    Issue: Backup plan misconfiguration.

    • Troubleshooting Steps:
      • Review the backup plan settings for each RDS DB instance and ensure they align with the RBI Cyber Security Framework requirements.
      • Verify that the backup plan covers all critical databases and tables.
      • Ensure that the backup process is running smoothly without any errors.
  3. 3.

    Issue: Backup failures.

    • Troubleshooting Steps:
      • Check the RDS event logs to identify any errors or specific reasons for backup failures.
      • Ensure that there is sufficient storage available for backups.
      • Verify that the IAM role or user credentials used for backup operations have the necessary permissions and access rights.

Necessary Codes:

The following AWS CLI commands can be used to configure and manage the backup plan for RDS DB instances:

  1. 1.
    To enable automated backups for an RDS DB instance:
aws rds modify-db-instance --db-instance-identifier <db-instance-identifier> --backup-retention-period <retention-period>

Note: Replace

<db-instance-identifier>
with the actual ID of the RDS DB instance and
<retention-period>
with the desired number of days to retain backups.

  1. 1.
    To check the backup settings for an RDS DB instance:
aws rds describe-db-instances --db-instance-identifier <db-instance-identifier> --query "DBInstances[].BackupRetentionPeriod"

Note: Replace

<db-instance-identifier>
with the actual ID of the RDS DB instance.

  1. 1.
    To view the automated backup schedule for an RDS DB instance:
aws rds describe-db-instances --db-instance-identifier <db-instance-identifier> --query "DBInstances[].BackupWindow"

Note: Replace

<db-instance-identifier>
with the actual ID of the RDS DB instance.

Step-by-Step Guide for Remediation:

Follow the steps below to ensure compliance with the RBI Cyber Security Framework regarding the backup plan for RDS DB instances:

  1. 1.

    Identify the RDS DB instances that need to be included in the backup plan.

  2. 2.

    Enable automated backups for each RDS DB instance using the AWS CLI command mentioned above:

    • Set an appropriate retention period for backups.
    • Example command:
      aws rds modify-db-instance --db-instance-identifier my-db-instance --backup-retention-period 7
      (This sets the retention period to 7 days. Adjust the value as per your requirements.)
  3. 3.

    Verify the backup settings for each RDS DB instance using the AWS CLI command:

    • Example command:
      aws rds describe-db-instances --db-instance-identifier my-db-instance --query "DBInstances[].BackupRetentionPeriod"
  4. 4.

    Validate the automated backup schedule for each RDS DB instance using the AWS CLI command:

    • Example command:
      aws rds describe-db-instances --db-instance-identifier my-db-instance --query "DBInstances[].BackupWindow"
  5. 5.

    Monitor the backups regularly to ensure they are successfully executed without any failures.

  6. 6.

    If any backup issues occur, follow the troubleshooting steps mentioned above to rectify them.

By following these steps, you will ensure that all RDS DB instances are properly included in a backup plan as required by the RBI Cyber Security Framework, protecting critical data and ensuring business continuity.

Is your System Free of Underlying Vulnerabilities?
Find Out Now