
Rule: RDS DB Instance Protected by Backup Plan

This rule ensures that the RDS DB instance is protected by a backup plan to maintain data integrity and availability.

Rule: RDS DB instance should be protected by backup plan
Framework: SOC 2
Severity: High

Amazon RDS Backup Compliance for SOC 2

Overview

SOC 2 compliance is a framework for managing data and ensuring the security, availability, privacy, and confidentiality of customer information. As such, an AWS RDS DB instance must adhere to strict backup policies to meet SOC 2 requirements. The rule here is that your RDS instances must be regularly backed up to prevent data loss and allow for recovery in the event of an incident.

RDS Backup Requirements for SOC 2

  • Automated backups should be enabled.
  • Backup retention periods must be in line with organizational data retention policies.
  • Backups should be encrypted to ensure data is protected during transit and at rest.
  • Regular backup testing should be performed to ensure that data recovery processes are effective.

Troubleshooting Backup Issues

If backups are not functioning as expected, follow these steps:

  1. Check if automated backups are enabled.
  2. Verify the backup retention period settings.
  3. Ensure that the database instance has the necessary permissions for the backup service.
  4. Confirm that there is adequate storage space for backups.
  5. Review the RDS event logs for any backup-related errors.

Enabling and Configuring RDS Backups via AWS CLI

Enabling Automated Backups

aws rds modify-db-instance \
    --db-instance-identifier <your-db-instance-id> \
    --backup-retention-period <desired-retention-period-in-days> \
    --apply-immediately

Replace <your-db-instance-id> with your actual DB instance identifier and <desired-retention-period-in-days> with an integer representing the number of days you want to retain your backups (usually between 7-35 days, in alignment with your SOC 2 policy).

Configuring Backup Encryption

# Encryption at rest, which is what encrypts automated backups and snapshots,
# can only be set at creation (modify-db-instance has no --storage-encrypted
# option). For an existing instance, copy a snapshot with a KMS key and restore:
aws rds copy-db-snapshot \
    --source-db-snapshot-identifier <your-snapshot-id> \
    --target-db-snapshot-identifier <your-snapshot-id>-encrypted \
    --kms-key-id <your-kms-key-id>
aws rds restore-db-instance-from-db-snapshot \
    --db-instance-identifier <your-new-db-instance-id> \
    --db-snapshot-identifier <your-snapshot-id>-encrypted

<your-snapshot-id> is a manual snapshot of the instance (taken with aws rds create-db-snapshot), <your-new-db-instance-id> is the identifier of the restored, encrypted instance that replaces the original, and <your-kms-key-id> is the identifier for the AWS KMS key that you want to use to encrypt it. Automated backups and snapshots taken from the restored instance are encrypted with the same key.

Setting Backup Window

aws rds modify-db-instance \
    --db-instance-identifier <your-db-instance-id> \
    --preferred-backup-window <time-window> \
    --apply-immediately

<time-window> should be replaced with your desired backup window time, using the format hh24:mi-hh24:mi (e.g., 00:00-03:00).
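The troubleshooting steps above (retention enabled, retention within policy, encryption, backup window, event log review) can be run as one offline check over the JSON that the AWS CLI returns. The following script is an added example, not CloudDefense's or AWS's code: it evaluates the BackupRetentionPeriod, StorageEncrypted and PreferredBackupWindow fields of describe-db-instances entries, validates the hh24:mi-hh24:mi window format described in the previous section (RDS also requires the window to be at least 30 minutes long; windows may wrap past midnight), and picks backup failures out of describe-events output. The instance and event records below are constructed sample data shaped like the CLI output; the 7-35 day bounds are the policy range this page suggests, not a SOC 2 requirement.

```python
"""Offline SOC 2 backup check over RDS describe-db-instances / describe-events output."""
from __future__ import annotations

import re

# Policy bounds assumed for this example (SOC 2 sets no number; the page suggests 7-35 days).
MIN_RETENTION_DAYS = 7
MAX_RETENTION_DAYS = 35

# hh24:mi-hh24:mi, the format RDS uses for PreferredBackupWindow (UTC).
WINDOW_RE = re.compile(r"^([01]\d|2[0-3]):[0-5]\d-([01]\d|2[0-3]):[0-5]\d$")


def window_minutes(window: str) -> int:
    """Length of an hh24:mi-hh24:mi window in minutes; a window may wrap past midnight."""
    start, end = window.split("-")
    sh, sm = map(int, start.split(":"))
    eh, em = map(int, end.split(":"))
    return ((eh * 60 + em) - (sh * 60 + sm)) % (24 * 60)


def check_instance(db: dict) -> list[str]:
    """Findings for one describe-db-instances entry; an empty list means compliant."""
    findings: list[str] = []
    retention = db.get("BackupRetentionPeriod", 0)
    if retention == 0:
        findings.append("automated backups disabled (BackupRetentionPeriod=0)")
    elif not MIN_RETENTION_DAYS <= retention <= MAX_RETENTION_DAYS:
        findings.append(
            f"retention {retention}d outside policy {MIN_RETENTION_DAYS}-{MAX_RETENTION_DAYS}d"
        )
    # Automated backups inherit the instance's storage encryption, so an
    # unencrypted instance means unencrypted backups and snapshots.
    if not db.get("StorageEncrypted", False):
        findings.append("storage not encrypted, so automated backups are not encrypted")
    window = db.get("PreferredBackupWindow", "")
    if not WINDOW_RE.match(window):
        findings.append(f"backup window {window!r} is not in hh24:mi-hh24:mi format")
    elif window_minutes(window) < 30:
        findings.append(f"backup window {window} is shorter than the 30-minute minimum RDS requires")
    return findings


def backup_errors(events: list[dict]) -> list[tuple[str, str]]:
    """(instance, message) pairs for backup-category events that report a failure."""
    return [
        (e["SourceIdentifier"], e["Message"])
        for e in events
        if "backup" in e.get("EventCategories", [])
        and re.search(r"fail|error|unable", e["Message"], re.IGNORECASE)
    ]


def audit(instances: list[dict], events: list[dict]) -> dict[str, list[str]]:
    """Combine per-instance configuration findings with backup failures from the event log."""
    report = {db["DBInstanceIdentifier"]: check_instance(db) for db in instances}
    for ident, msg in backup_errors(events):
        report.setdefault(ident, []).append("event: " + msg)
    return report


# Constructed sample data, shaped like the "DBInstances" and "Events" arrays of the CLI output.
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 14,
     "StorageEncrypted": True, "PreferredBackupWindow": "03:00-04:00"},
    {"DBInstanceIdentifier": "analytics-dev", "BackupRetentionPeriod": 0,
     "StorageEncrypted": False, "PreferredBackupWindow": "02:00-02:15"},
    {"DBInstanceIdentifier": "billing-prod", "BackupRetentionPeriod": 3,
     "StorageEncrypted": True, "PreferredBackupWindow": "23:45-00:30"},
]
SAMPLE_EVENTS = [
    {"SourceIdentifier": "orders-prod", "EventCategories": ["backup"],
     "Message": "Backing up DB instance"},
    {"SourceIdentifier": "analytics-dev", "EventCategories": ["backup"],
     "Message": "Automated backup failed: insufficient free storage"},
]

if __name__ == "__main__":
    # Against a real account, capture the CLI output and pass its arrays instead:
    #   aws rds describe-db-instances > instances.json
    #   aws rds describe-events --source-type db-instance --event-categories backup --duration 1440 > events.json
    # then json.load() each file and pass data["DBInstances"] / data["Events"].
    for ident, findings in audit(SAMPLE_INSTANCES, SAMPLE_EVENTS).items():
        print(f"{ident}: {'OK' if not findings else 'FAIL'}")
        for finding in findings:
            print(f"  - {finding}")
```

Each finding maps to one troubleshooting step, so the report doubles as the evidence an auditor asks for; the encryption finding is deliberately phrased in terms of backups, since RDS backups are only encrypted when the source instance's storage is.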

Step by Step Guide for Remediation

To ensure SOC 2 compliance for RDS backup:

  1. Log in to the Amazon RDS Console.
  2. Select the RDS instance you want to configure.
  3. Under the 'Instance Actions' dropdown, select 'Modify'.
  4. In the 'Backup' section, set 'Backup Retention Period' to the required number of days.
  5. Choose the 'Enable encryption' option for backups.
  6. Select a Key Management Service (KMS) key for encryption.
  7. Set the 'Backup Window' to a time that suits your workload.
  8. Click 'Continue' and then 'Modify DB Instance' to apply changes.
  9. To enforce these settings via AWS CLI, use the commands provided earlier with the appropriate parameters.

Following these guidelines and using the commands provided will help ensure that your RDS DB instances comply with SOC 2 backup requirements, enhancing your readiness for compliance audits.
