More Info:
This rule checks if a recovery point was created for Amazon Elastic Compute Cloud (Amazon EC2) instances. The rule is NON_COMPLIANT if the Amazon EC2 instance does not have a corresponding recovery point created .Risk Level
HighAddress
ConfigurationCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of AWS Elastic Compute Cloud (EC2) instances not having a recovery point, you can set up automated backups using Amazon EC2’s built-in feature called Amazon EC2 Instance Recovery. Here’s a step-by-step guide on how to remediate this issue using the AWS Management Console:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in to your AWS account.
- Navigate to EC2 Dashboard: From the AWS Management Console, navigate to the EC2 Dashboard by clicking on “Services” at the top of the page and selecting “EC2” under the Compute section.
- Select EC2 Instances: In the EC2 Dashboard, select the EC2 instance for which you want to enable recovery points by clicking on the checkbox next to the instance ID.
- Enable Instance Recovery: With the instance selected, click on the “Actions” dropdown menu at the top of the page, navigate to the “Instance Settings” option, and then select “Enable Instance Recovery” from the submenu.
- Configure Recovery Settings: In the Enable Instance Recovery dialog box, you can configure the recovery settings such as the “Recovery Time Objective (RTO)” which specifies the maximum time in minutes that the instance can be unavailable during recovery. Set the RTO value based on your recovery point objective.
- Enable Recovery: After configuring the recovery settings, click on the “Enable Instance Recovery” button to enable automated recovery points for the selected EC2 instance.
- Verify Recovery Point: To verify that the recovery point feature is enabled for the EC2 instance, you can check the instance details and look for the “Instance Recovery” status under the “Description” tab.
Using CLI
Using CLI
To remediate the misconfiguration of not having a recovery point for an AWS EC2 instance using AWS CLI, follow these steps:
-
Create an Amazon EBS Snapshot:
- Run the following AWS CLI command to create a snapshot of the EBS volume attached to your EC2 instance:
Replace
<VOLUME_ID>with the ID of the EBS volume attached to your EC2 instance.
- Run the following AWS CLI command to create a snapshot of the EBS volume attached to your EC2 instance:
-
Tag the Snapshot (Optional but recommended):
- It is a best practice to tag your snapshots for better organization and management. You can add tags to the snapshot using the following command:
Replace
<SNAPSHOT_ID>with the ID of the snapshot created in the previous step and<SNAPSHOT_NAME>with a descriptive name for the snapshot.
- It is a best practice to tag your snapshots for better organization and management. You can add tags to the snapshot using the following command:
-
Verify the Snapshot:
- You can verify that the snapshot has been created successfully by running the following command:
Replace
<SNAPSHOT_ID>with the ID of the snapshot created in step 1.
- You can verify that the snapshot has been created successfully by running the following command:
-
Automate Snapshot Creation (Optional):
- To ensure regular snapshots are created for your EC2 instances, you can set up automated snapshot creation using AWS Lambda functions or AWS Backup.
Using Python
Using Python
To remediate the misconfiguration of AWS EC2 instances not having a recovery point, you can create a backup or snapshot of the EC2 instance using Python and AWS Boto3 library. Here are the steps to remediate this issue:
- Install the Boto3 library:
- Create a Python script to take a snapshot of the EC2 instance. Here is an example script:
-
Replace
'YOUR_INSTANCE_ID'and'YOUR_VOLUME_ID'with the actual instance ID and volume ID of the EC2 instance for which you want to create a recovery point. - Run the Python script to create a snapshot of the EC2 instance. This snapshot can be used as a recovery point in case of any issues with the EC2 instance.