More Info:
This rule checks if Amazon Elastic File System (Amazon EFS) File Systems are protected by a backup plan. The rule is NON_COMPLIANT if the EFS File System is not covered by a backup plan.
Risk Level: High
Address: Configuration
Compliance Standards: CBP, SEBI
Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration of not having a backup plan for Elastic File System (EFS) in AWS EC2 using the AWS Management Console, follow these steps:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
- Navigate to the Elastic File System (EFS) Service: Click on the “Services” dropdown in the top navigation bar and select “Elastic File System” under the “Storage” category.
- Select the EFS File System: From the list of EFS file systems, select the EFS file system that you want to create a backup plan for by clicking on its name.
- Create a Backup Plan:
  - Click on the “Backup” tab on the EFS file system details page.
  - Click on the “Create Backup Plan” button.
- Configure Backup Plan:
  - Enter a name for the backup plan.
  - Choose the backup frequency and retention policy that suits your requirements. For example, you can set up daily backups with a retention period of 30 days.
  - Configure any lifecycle policies if needed.
- Review and Create Backup Plan:
  - Review the backup plan configuration to ensure it meets your requirements.
  - Click on the “Create” or “Save” button to create the backup plan for the EFS file system.
- Monitor Backup Plan:
  - Once the backup plan is created, you can monitor the backups and their status from the “Backup” tab on the EFS file system details page.
  - Ensure that backups are running as per the configured schedule and that you can restore data if needed.
Using CLI
To remediate the misconfiguration of not having a backup plan for Elastic File System (EFS) in AWS EC2 using AWS CLI, you can follow these steps:
- Create a Backup Plan:
  - Use the AWS CLI command create-backup-plan to create a backup plan for your EFS file system.
  - Specify the backup plan details such as name, schedule, retention policy, and backup vault.
  - Example command:
- Assign Backup Plan to EFS File System:
  - Use the AWS CLI command put-backup-vault-access-policy to assign the created backup plan to your EFS file system.
  - Specify the EFS file system ID and the ARN of the backup plan.
  - Example command:
- Enable Backup for EFS File System:
  - Use the AWS CLI command start-backup-job to initiate the backup process for your EFS file system.
  - Specify the EFS file system ID and the backup vault name.
  - Example command:
- Verify Backup Status:
  - Use the AWS CLI command describe-backup-job to check the status of the backup job for your EFS file system.
  - Monitor the progress and ensure that the backup is successfully completed.
  - Example command:
Using Python
To remediate the misconfiguration of not having a backup plan for Elastic File System (EFS) in AWS EC2 using Python, you can follow these steps:
- Install Boto3: Boto3 is the AWS SDK for Python. You can install it using pip:
- Create a Backup Plan: You can create a backup plan using the AWS Backup service. Here’s an example Python script to create a backup plan for your EFS:
  Make sure to replace the resource_arn with the ARN of your EFS file system and customize the backup plan name, rule, and schedule as needed.
- Run the Python Script: Save the above Python script in a file (e.g., create_backup_plan.py) and run it using Python:
- Verify Backup Plan: You can verify the backup plan by checking the AWS Backup console or by listing the backup plans using the AWS CLI:
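
The Python steps above, condensed into one script as an added example (not code from the original page): it creates or reuses an AWS Backup plan with one daily rule and 30-day retention, then attaches the file system to the plan with a backup selection, so it is safe to rerun. Assumptions: the plan name efs-daily-backup, the Default vault, the 05:00 UTC schedule, and the function names are illustrative; the IAM role ARN that AWS Backup assumes is supplied by the caller.

```python
"""Added example: protect one EFS file system with an AWS Backup plan."""

def build_plan(plan_name, vault="Default", schedule="cron(0 5 ? * * *)", retention_days=30):
    """One rule: daily at 05:00 UTC, recovery points deleted after retention_days."""
    return {
        "BackupPlanName": plan_name,
        "Rules": [{
            "RuleName": f"{plan_name}-daily",
            "TargetBackupVaultName": vault,  # assumed: this vault already exists
            "ScheduleExpression": schedule,
            "Lifecycle": {"DeleteAfterDays": retention_days},
        }],
    }

def find_id(list_call, list_key, name_key, id_key, name, **kwargs):
    """Walk a paginated AWS Backup list call; return the id of the item called `name`."""
    while True:
        page = list_call(**kwargs)
        for item in page.get(list_key, []):
            if item[name_key] == name:
                return item[id_key]
        if not page.get("NextToken"):
            return None
        kwargs["NextToken"] = page["NextToken"]

def protect_efs(backup, resource_arn, role_arn, plan_name="efs-daily-backup"):
    """Create or reuse the plan and its selection; return (plan_id, selection_id)."""
    plan_id = find_id(backup.list_backup_plans, "BackupPlansList",
                      "BackupPlanName", "BackupPlanId", plan_name)
    if plan_id is None:
        plan_id = backup.create_backup_plan(BackupPlan=build_plan(plan_name))["BackupPlanId"]
    # Name the selection after the file system id so a rerun finds it again.
    sel_name = f"{plan_name}-{resource_arn.rsplit('/', 1)[-1]}"
    sel_id = find_id(backup.list_backup_selections, "BackupSelectionsList",
                     "SelectionName", "SelectionId", sel_name, BackupPlanId=plan_id)
    if sel_id is None:
        sel_id = backup.create_backup_selection(
            BackupPlanId=plan_id,
            BackupSelection={"SelectionName": sel_name, "IamRoleArn": role_arn,
                             "Resources": [resource_arn]},
        )["SelectionId"]
    return plan_id, sel_id

if __name__ == "__main__":
    import sys
    import boto3  # imported here so the functions above can be exercised with a stub client
    # Usage: python create_backup_plan.py <efs-file-system-arn> <backup-role-arn>
    print(protect_efs(boto3.client("backup"), sys.argv[1], sys.argv[2]))
```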