FSx Should Have Backup Plan

More Info:

This rule checks if Amazon FSx File Systems are protected by a backup plan. The rule is NON_COMPLIANT if the Amazon FSx File System is not covered by a backup plan.

Risk Level

High

Address

Configuration

Compliance Standards

CBP,SEBI,RBI_MD_ITF

Triage and Remediation

Using Console

Using CLI

To remediate the misconfiguration of not having a backup plan for FSx on AWS EC2 using AWS CLI, you can follow these steps:

Install and Configure AWS CLI: If you haven’t already installed and configured the AWS CLI, you can do so by following the instructions provided in the AWS documentation: Installing the AWS CLI and Configuring the AWS CLI.
Enable Backup for FSx File Systems: You can enable backup for your FSx file systems using the AWS CLI by running the following command:
```
aws fsx update-file-system --file-system-id fs-1234567890abcdef0 --backup-id backup-0abcdef1234567890 --windows-configuration AutomaticBackupRetentionDays=30,ThroughputCapacity=8
```
Replace fs-1234567890abcdef0 with the ID of your FSx file system and backup-0abcdef1234567890 with the ID of the backup you want to associate with the file system. You can adjust the AutomaticBackupRetentionDays and ThroughputCapacity values as needed.
Verify Backup Configuration: To ensure that backup has been successfully enabled for your FSx file system, you can run the following command:
```
aws fsx describe-file-systems --file-system-ids fs-1234567890abcdef0
```
This command will provide detailed information about your FSx file system, including its backup configuration.
Automate Backup Scheduling (Optional): If you want to automate the scheduling of backups for your FSx file system, you can create a backup policy using the AWS CLI. Here is an example command to create a backup policy:
```
aws fsx create-backup-policy --file-system-id fs-1234567890abcdef0 --daily-backup-start-time 01:00:00 --automatic-backup-retention-days 30
```
This command will create a backup policy for the specified file system that triggers a daily backup at 01:00:00 UTC and retains the backups for 30 days.

By following these steps, you can remediate the misconfiguration of not having a backup plan for FSx on AWS EC2 using the AWS CLI.

Using Python

To remediate the misconfiguration of not having a backup plan for FSx in AWS, you can create a backup plan using Python Boto3 library. Here are the step-by-step instructions to remediate this issue:

Install Boto3 library:
```
pip install boto3
```
Configure AWS credentials: Ensure that you have configured your AWS credentials either by setting environment variables or using AWS CLI aws configure command.
Use the following Python script to create a backup plan for FSx in AWS EC2:

import boto3

def remediate_efs_resources_backup_plan(file_system_arns, backup_vault_name):
    # Initialize AWS Backup client
    backup_client = boto3.client('backup')

    # Create a backup plan for the specified EFS file systems
    response = backup_client.create_backup_plan(
        BackupPlan={
            'BackupPlanName': 'YourBackupPlanName',
            'BackupPlanRule': {
                'RuleName': 'DefaultRule',
                'TargetBackupVaultName': backup_vault_name,
                'ScheduleExpression': 'cron(0 0 * * ? *)',  # Example: Daily backup at midnight
                'StartWindowMinutes': 60,
                'CompletionWindowMinutes': 60,
            },
            'AdvancedBackupSettings': [
                {
                    'BackupOptions': {
                        'WindowsVSS': False,
                        'BackupMode': 'FULL',
                        'FileSystemLifecycle': 'SYSTEM'
                    },
                    'ResourceType': 'EFS'
                }
            ]
        }
    )

    print("Backup plan created successfully.")

def main():
    # Specify the ARNs of the EFS file systems to protect
    file_system_arns = ['your-file-system-arn1', 'your-file-system-arn2']

    # Specify the name of the backup vault
    backup_vault_name = 'your-backup-vault-name'

    # Remediate EFS resources by creating a backup plan
    remediate_efs_resources_backup_plan(file_system_arns, backup_vault_name)

if __name__ == "__main__":
    main()

Replace 'your-file-system-arn1', 'your-file-system-arn2' with the ARNs of the EFS file systems you want to protect, and 'your-backup-vault-name' with the name of the backup vault where backups will be stored. This script creates a backup plan for the specified EFS file systems, ensuring they are protected by backups according to the specified schedule and retention policy. Adjust the backup plan settings as needed.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

FSx Should Have Backup Plan

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation