Rule: RDS Aurora Clusters Should Be Protected by Backup Plan
This rule ensures that RDS Aurora clusters have a backup plan for protection.
| Rule | RDS Aurora clusters should be protected by backup plan |
| Framework | SOC 2 |
| Severity | ✔ Medium |
Rule Description:
RDS Aurora clusters should have a backup plan in place to comply with SOC 2 requirements. This backup plan ensures that data stored in the Aurora cluster is regularly backed up, making it easier to recover in case of data loss, system failures, or other unforeseen events.
Troubleshooting Steps:
If your RDS Aurora cluster does not have a backup plan configured, follow these troubleshooting steps:
- 1.
Check the current backup status of your RDS Aurora cluster. You can do this by logging into the AWS Management Console and navigating to the Amazon RDS service.
- 2.
Ensure that the automated backups feature is enabled for the Aurora cluster. If it is disabled, you will need to enable it.
- 3.
Verify that a suitable backup retention period is set up. The backup retention period determines how long automated backups of your Aurora cluster will be retained. Make sure the retention period aligns with your compliance requirements.
- 4.
Confirm that backups are being performed regularly. Review the backup schedule to ensure that it meets the desired frequency.
- 5.
Check the available storage for backups. Ensure that there is sufficient storage allocated to accommodate the backups needed for your RDS Aurora cluster.
- 6.
Test the backup and restore functionality by performing a trial restore of a backup. This will help ensure that the backup plan is working as expected.
Necessary Codes:
The following AWS CLI commands can be used to configure and manage the backup plan for your RDS Aurora cluster:
- 1.
Enable automated backups for the Aurora cluster:
aws rds modify-db-cluster \ --db-cluster-identifier <cluster-identifier> \ --backup-retention-period <retention-period-in-days> - 2.
Set the desired backup retention period:
aws rds modify-db-cluster \ --db-cluster-identifier <cluster-identifier> \ --backup-retention-period <retention-period-in-days> - 3.
Modify the backup window schedule:
aws rds modify-db-cluster \ --db-cluster-identifier <cluster-identifier> \ --preferred-backup-window <backup-window> - 4.
Check the backup status:
aws rds describe-db-clusters \ --db-cluster-identifier <cluster-identifier> \ --query "DBClusters[0].LatestRestorableTime" - 5.
Restore the cluster to a specific point in time:
aws rds restore-db-cluster-to-point-in-time \ --db-cluster-identifier <new-cluster-identifier> \ --source-db-cluster-identifier <source-cluster-identifier> \ --restore-to-time <timestamp>
Step-by-Step Guide for Remediation:
Follow these steps to configure the backup plan for your RDS Aurora cluster:
- 1.
Log in to the AWS Management Console and navigate to the Amazon RDS service.
- 2.
Select "Clusters" from the left sidebar and click on your RDS Aurora cluster.
- 3.
In the cluster details page, click on the "Modify" button.
- 4.
Enable automated backups by ticking the checkbox for "Enable backups" under the "Backup" section.
- 5.
Set the desired backup retention period by specifying the number of days in the "Backup retention period" field.
- 6.
Customize the backup window schedule by providing the preferred backup start time in the "Preferred backup window" field.
- 7.
Click on the "Continue" button and review the summary of changes.
- 8.
Confirm the changes and click on the "Modify cluster" button to save the configuration.
- 9.
Monitor the cluster status to ensure that backups are being performed as scheduled.
- 10.
Perform a trial restore of a backup to validate the backup and restore functionality.
By following these steps, you will successfully configure a backup plan for your RDS Aurora cluster, meeting the backup requirements for SOC 2 compliance.