Ensure Rule: EFS file systems in a backup plan

Implement a backup plan for EFS file systems to ensure availability

Rule: EFS file systems should be in a backup plan
Framework: SOC 2
Severity: High

Ensuring EFS File Systems are Part of a Backup Plan for SOC 2 Compliance

SOC 2 is a set of guidelines developed by the American Institute of CPAs (AICPA) to ensure secure management of data to protect the interests of an organization and the privacy of its clients. As part of a SOC 2 compliance strategy, it is crucial to have a comprehensive data backup plan that includes Elastic File System (EFS) file systems in an AWS environment.

Understanding the Rule

To meet SOC 2 requirements, organizations must routinely back up and adequately protect all critical data. This includes data stored in AWS Elastic File System (EFS) file systems, which should be included in the organization's backup plan.

Backup Plan Requirements

1. Regular Backups:

The backup plan should ensure that EFS file systems are backed up systematically and frequently to prevent data loss.

2. Secure Backup Storage:

The backups should be stored securely, maintaining the confidentiality, integrity, and availability of data.

3. Data Recovery:

The plan should provide a reliable method for data recovery to quickly restore data in case of loss.

4. Documentation:

There should be clear documentation outlining the backup procedures, schedules, storage, and recovery processes.

Troubleshooting Steps

If an EFS file system is not included in a backup plan, follow these steps:

  1. Verify Backup Configuration: Confirm whether the EFS file system has been properly set up to be backed up.

  2. Check Backup Policies: Examine the backup policies to ensure they include the necessary EFS file systems.

  3. Review IAM Permissions: Validate that the AWS Identity and Access Management (IAM) role has the necessary permissions for the backup service to access the EFS file systems.

  4. Monitor Backup Activity: Use AWS CloudWatch to monitor backup activities and set up alarms for any backup failures or issues.
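The policy check in step 2 can be automated. The following is an added example, not part of the original page or of any AWS tooling: it takes JSON in the shape returned by `aws efs describe-file-systems` and `aws backup get-backup-selection` and reports which file systems no ARN-based selection covers. The account ID, file system IDs, plan IDs and selection names are constructed sample values, and selections narrowed by tags are assumed to need manual review rather than being evaluated.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample in the shape of `aws efs describe-file-systems` output.
FILE_SYSTEMS = json.loads("""{"FileSystems": [
  {"FileSystemId": "fs-11111111",
   "FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-11111111"},
  {"FileSystemId": "fs-22222222",
   "FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-22222222"},
  {"FileSystemId": "fs-33333333",
   "FileSystemArn": "arn:aws:elasticfilesystem:eu-west-1:123456789012:file-system/fs-33333333"}
]}""")

# Constructed sample: one `aws backup get-backup-selection` result per selection.
SELECTIONS = json.loads("""[
  {"BackupPlanId": "plan-a", "BackupSelection": {"SelectionName": "EfsSelection",
    "Resources": ["arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/*"],
    "NotResources": ["arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-22222222"]}},
  {"BackupPlanId": "plan-b", "BackupSelection": {"SelectionName": "TaggedOnly",
    "Resources": ["*"],
    "ListOfTags": [{"ConditionType": "STRINGEQUALS", "ConditionKey": "backup",
                    "ConditionValue": "true"}]}}
]""")


def uses_tags(sel):
    """True when the selection is narrowed by tags, which this check does not evaluate."""
    conditions = sel.get("Conditions") or {}
    return bool(sel.get("ListOfTags")) or any(conditions.values())


def covers(sel, arn):
    """ARN-only match: included by Resources and not excluded by NotResources."""
    hit = any(fnmatchcase(arn, p) for p in sel.get("Resources", []))
    return hit and not any(fnmatchcase(arn, p) for p in sel.get("NotResources", []))


def audit(file_systems, selections):
    """Return (uncovered file system IDs, names of tag-based selections to review)."""
    by_arn = [s["BackupSelection"] for s in selections if not uses_tags(s["BackupSelection"])]
    review = [s["BackupSelection"]["SelectionName"] for s in selections
              if uses_tags(s["BackupSelection"])]
    uncovered = [fs["FileSystemId"] for fs in file_systems["FileSystems"]
                 if not any(covers(sel, fs["FileSystemArn"]) for sel in by_arn)]
    return uncovered, review


if __name__ == "__main__":
    missing, manual = audit(FILE_SYSTEMS, SELECTIONS)
    print("EFS file systems with no ARN-based backup selection:", missing)
    print("Tag-based selections to review by hand:", manual)
```

A file system listed as uncovered here may still be picked up by one of the tag-based selections reported for review, so check its tags before treating it as a finding.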

Necessary AWS CLI Commands

Use the AWS Command Line Interface (CLI) to manage EFS backups:

# To create a backup plan
aws backup create-backup-plan --backup-plan file://backup-plan.json

# To assign resources to a backup plan
aws backup create-backup-selection --backup-plan-id <BackupPlanId> --backup-selection file://resource-selection.json

# To list all backup plans
aws backup list-backup-plans

# To list backups for a particular resource (EFS file system)
aws backup list-recovery-points-by-resource --resource-arn <EFSArn>

Step by Step Guide for Remediation

1. Backup Planning:

Develop a detailed backup strategy, including EFS file systems. Specify the frequency and timing of the backups.

2. Implement Backup Procedures:

If not already in place, use AWS Backup or another managed service to include EFS in your backup procedures.

Creating a Backup Plan:

# Create a JSON file defining the backup plan
# (--backup-plan expects the plan document itself, without an outer "BackupPlan" key)
echo '{
    "BackupPlanName": "EFSBackupPlan",
    "Rules": [{
        "RuleName": "DailyBackup",
        "TargetBackupVaultName": "MyBackupVault",
        "ScheduleExpression": "cron(0 12 * * ? *)",
        "StartWindowMinutes": 60,
        "CompletionWindowMinutes": 120,
        "Lifecycle": {
            "MoveToColdStorageAfterDays": 30,
            "DeleteAfterDays": 365
        }
    }]
}' > backup-plan.json

# Use the AWS CLI to create the backup plan
aws backup create-backup-plan --backup-plan file://backup-plan.json

Assigning EFS File Systems to Backup Plan:

# Create a JSON file defining the resource selection
# (--backup-selection expects the selection document itself, without an outer "BackupSelection" key)
echo '{
    "SelectionName": "EfsSelection",
    "IamRoleArn": "arn:aws:iam::123456789012:role/AWSBackupDefaultServiceRole",
    "Resources": [
        "arn:aws:elasticfilesystem:region:account-id:file-system/fs-id"
    ]
}' > resource-selection.json

# Use the AWS CLI to assign resources
aws backup create-backup-selection --backup-plan-id <BackupPlanId> --backup-selection file://resource-selection.json

3. Monitoring and Testing:

Regularly monitor the backup process and perform test recoveries to confirm that backups can be restored and that the control continues to support SOC 2 compliance.

By following these guidelines, you can ensure that your organization's EFS file systems are properly backed up, contributing to SOC 2 compliance and enhancing the resilience of your AWS data storage infrastructure.
