Elastic File System Should Have Recovery Point

More Info:

This rule checks if a recovery point was created for Amazon Elastic File System (Amazon EFS) File Systems. The rule is NON_COMPLIANT if the Amazon EFS File System does not have a corresponding Recovery Point created within the specified time period.

Risk Level

High

Address

Configuration

Compliance Standards

CBP,SEBI

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of Elastic File System (EFS) not having a Recovery Point in AWS, you can follow these steps using AWS CLI:

Create a Backup Policy:
- Run the following AWS CLI command to create a backup policy for your EFS file system:
  aws efs put-backup-policy --file-system-id <your-file-system-id> --backup-policy "{\"Status\":\"ENABLED\",\"Rules\":[{\"Id\":\"DailyBackup\",\"VolumeBackups\":[{\"Type\":\"AUTOMATIC\",\"Lifecycle\":\"AFTER_7_DAYS\"}]}]}"
- Replace <your-file-system-id> with the actual ID of your EFS file system.
- This command will enable automatic backups for your EFS file system with a retention period of 7 days.
Verify Backup Policy:
- To verify that the backup policy has been successfully applied, you can run the following command:
  aws efs describe-backup-policy --file-system-id <your-file-system-id>
- This command will display the backup policy details for your EFS file system.

By following these steps, you can remediate the misconfiguration of Elastic File System not having a Recovery Point by creating a backup policy with automatic backups enabled for your AWS EC2 instance using AWS CLI.

Using Python

To remediate the misconfiguration of an Elastic File System (EFS) not having a recovery point in AWS EC2 using Python, you can use the AWS SDK for Python (Boto3) to create a backup of the EFS file system. Here’s a step-by-step guide on how to do this:

Install the Boto3 library if you haven’t already:

pip install boto3

Configure your AWS credentials either by setting environment variables or using the AWS CLI:

aws configure

Create a Python script with the following code to create a backup of the EFS file system:

import boto3

# Specify the region where your EFS file system is located
region = 'us-west-1'

# Specify the ID of the EFS file system you want to create a backup for
efs_id = 'fs-12345678'

# Initialize the EFS client
efs_client = boto3.client('efs', region_name=region)

# Create a backup of the EFS file system
response = efs_client.create_backup(
    FileSystemId=efs_id,
    BackupTag={'Key': 'Name', 'Value': 'MyEFSBackup'}
)

print(response)

Run the Python script to create a backup of the EFS file system. Make sure to replace the region and efs_id variables with your actual values.

After running this script, a backup of the specified EFS file system will be created, providing you with a recovery point in case of any data loss or corruption.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Elastic File System Should Have Recovery Point

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation