EC2 Instances Should Have Backup Plan Protection
More Info:
This rule checks if Amazon Elastic Compute Cloud (Amazon EC2) instances are protected by a backup plan. The rule is NON_COMPLIANT if the Amazon EC2 instance is not covered by a backup plan.Risk Level
HighAddress
ConfigurationCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of EC2 instances not having a backup plan in AWS, you can set up automated backups using Amazon EBS snapshots. Here’s a step-by-step guide on how to do this using the AWS Management Console:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to the AWS Management Console using your credentials.
- Navigate to the EC2 Dashboard: Click on the “Services” dropdown menu at the top of the page, select “EC2” under the “Compute” section to go to the EC2 Dashboard.
- Select the EC2 Instance: In the EC2 Dashboard, select the EC2 instance for which you want to set up automated backups.
-
Create an Amazon EBS Snapshot:
- Select the EBS volume attached to the EC2 instance.
- Click on the “Actions” dropdown menu, navigate to “Create snapshot” and click on it.
- Enter a descriptive name for the snapshot and click on “Create snapshot”.
-
Set up Automated Backups:
- In the EC2 Dashboard, under the “ELASTIC BLOCK STORE” section, click on “Snapshots”.
- Select the snapshot that you created in the previous step.
- Click on the “Actions” dropdown menu and select “Create Lifecycle Policy”.
- Enter a name for the policy, set the frequency and retention period for backups, and click on “Create policy”.
-
Monitor Backup Status:
- To monitor the backup status, go to the EC2 Dashboard, click on “Instances” in the navigation pane, and select the EC2 instance.
- Under the “Description” tab, you can view the details of the automated backups and their status.
Using CLI
Using CLI
To remediate the misconfiguration of EC2 instances not having backup plan protection in AWS using AWS CLI, you can follow these steps:
-
Identify EC2 Instances: First, you need to identify the EC2 instances that do not have backup plan protection enabled. You can use the following AWS CLI command to list all EC2 instances in your account:
-
Enable Backup Plan Protection: To enable backup plan protection for EC2 instances, you can create a backup plan using AWS Backup service. Here’s an example command to create a backup plan:
-
Assign Backup Plan to EC2 Instances: Next, you need to assign the backup plan to the EC2 instances. You can use the following AWS CLI command to assign the backup plan to the EC2 instances:
-
Verify Backup Plan Protection: Finally, you should verify that the backup plan protection has been successfully enabled for the EC2 instances. You can check the backup status using the AWS Backup console or the following AWS CLI command:
Using Python
Using Python
To remediate the misconfiguration of EC2 instances not having a backup plan protection in AWS using Python, you can follow these steps:
- Identify EC2 Instances: Use the Boto3 library in Python to list all the EC2 instances in your AWS account.
- Create AMI Backups: For each identified EC2 instance, create an AMI backup. This will serve as a snapshot of the instance that can be used to restore it if needed.
- Set Up Lifecycle Policies: Configure lifecycle policies to manage the retention of your AMIs to avoid unnecessary costs and clutter. You can do this using the
create_lifecycle_policymethod in Boto3.
- Automate Backup Process: Set up a cron job or a Lambda function to automate the backup process at regular intervals.