Recovery Point Retention Should Be Reviewed
More Info:
This rule checks if a recovery point expires no earlier than after the specified period. The rule is NON_COMPLIANT if the recovery point has a retention point that is less than the required retention period.Risk Level
MediumAddress
ConfigurationCompliance Standards
CBP,RBI_MD_ITFTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration related to Recovery Point Retention for AWS EC2 instances using the AWS Management Console, follow these steps:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in with your credentials.
- Navigate to AWS Backup: In the AWS Management Console, search for “Backup” in the services search bar and click on “AWS Backup” to open the AWS Backup console.
- Review Backup Plans: In the AWS Backup console, navigate to the “Backup plans” section on the left-hand side menu.
- Select the Backup Plan: Identify the backup plan that is associated with the EC2 instances for which you want to review the Recovery Point Retention.
- Edit Backup Plan: Click on the backup plan that you want to review and adjust the Recovery Point Retention settings for. Click on the “Edit” button to modify the backup plan.
- Adjust Recovery Point Retention: In the backup plan settings, locate the section related to Recovery Point Retention. Here, you can set the desired retention period for the backups of your EC2 instances. Ensure that the retention period aligns with your organization’s backup and recovery requirements.
- Save Changes: Once you have adjusted the Recovery Point Retention settings as per your requirements, click on the “Save Changes” button to apply the modifications to the backup plan.
- Monitor Backup Jobs: After updating the Recovery Point Retention settings, monitor the backup jobs to ensure that the backups are being created and retained according to the new configuration.
Using CLI
Using CLI
To remediate the issue of Recovery Point Retention in AWS EC2 using AWS CLI, you can follow these steps:Step 1: List all the existing Amazon EC2 Backup plans to identify the retention settings on AWS CLI.Step 2: Identify the Backup Plan ID that needs to be updated based on the retention settings.Step 3: Update the Backup Plan with the desired Recovery Point Retention settings. For example, to set the retention to 30 days, you can use the following command:Step 4: Verify the updated Backup Plan to ensure the changes have been applied successfully.By following these steps, you can remediate the issue of Recovery Point Retention in AWS EC2 using AWS CLI by updating the Backup Plan with the desired retention settings.
Using Python
Using Python
To remediate the misconfiguration of Recovery Point Retention in AWS EC2 using Python, you can follow these steps:
-
Install Boto3: Boto3 is the AWS SDK for Python. You can install it using pip:
- Write a Python script to update the Recovery Point Retention for EC2 instances. Here is a sample script that sets the Recovery Point Retention to 30 days for all EC2 instances:
- Run the Python script: Save the script in a file (e.g.,
update_recovery_point_retention.py) and run it using the Python interpreter. Make sure you have the necessary IAM permissions to modify EC2 instances.