Backup Plan Should Have Retention Period.

More Info:

This rule checks if a backup plan has a backup rule that satisfies the retention period. The rule is NON_COMPLIANT if recovery points are not created at least as often as the specified frequency or expire before the specified period.

Risk Level

High

Address

Configuration

Compliance Standards

CBP,RBI_MD_ITF,RBI_UCB

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of not having a retention period set for the backup plan in AWS EC2 using AWS CLI, follow these steps:

List Backup Plans: First, list all the existing backup plans to identify the one that needs to be updated. You can use the following AWS CLI command:
```
aws backup list-backup-plans
```
Update Backup Plan: Once you have identified the backup plan that needs to be updated, you can use the following AWS CLI command to update the backup plan with a retention period:
```
aws backup update-backup-plan --backup-plan-id <backup-plan-id> --lifecycle ResourceType=EC2,DeleteAfterDays=<retention-period>
```
Replace <backup-plan-id> with the ID of the backup plan that needs to be updated and <retention-period> with the number of days you want to retain the backups.
Verify: Finally, verify that the retention period has been set successfully by listing the details of the updated backup plan using the following AWS CLI command:
```
aws backup get-backup-plan --backup-plan-id <backup-plan-id>
```
This command will display the details of the backup plan, including the retention period for EC2 resources.

By following these steps, you can remediate the misconfiguration of not having a retention period set for the backup plan in AWS EC2 using AWS CLI.

Using Python

To remediate the misconfiguration of not having a retention period set for the backup plan in AWS EC2 using Python, you can follow these steps:

Install the AWS SDK for Python (Boto3) if you haven’t already. You can install it using pip:
```
pip install boto3
```
Write a Python script to update the backup plan with the desired retention period. Here is an example script to set a retention period of 30 days for a backup plan in AWS EC2:

import boto3

# Initialize the EC2 client
client = boto3.client('backup')

# Specify the Backup Plan Id for which you want to update the retention period
backup_plan_id = 'your_backup_plan_id_here'

# Specify the desired retention period in days
retention_period = 30

# Update the backup plan with the new retention period
response = client.update_backup_plan(
    BackupPlanId=backup_plan_id,
    BackupPlan={
        'BackupPlanName': 'YourBackupPlanName',
        'Rules': [
            {
                'RuleName': 'DefaultBackupRule',
                'TargetBackupVaultName': 'Default',
                'ScheduleExpression': 'cron(0 0 * * ? *)',
                'StartWindowMinutes': 60,
                'CompletionWindowMinutes': 60,
                'Lifecycle': {
                    'DeleteAfterDays': retention_period
                }
            }
        ]
    }
)

# Print the response
print(response)

Replace 'your_backup_plan_id_here' with the actual Backup Plan Id that you want to update.
Replace 'YourBackupPlanName' with the name of your backup plan.
Run the Python script to update the backup plan with the specified retention period.

After running this script, the backup plan in AWS EC2 will be updated with the specified retention period, ensuring that backups are retained for the desired duration.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Backup Plan Should Have Retention Period.

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation