More Info:

This rule checksif a recovery point was created for Amazon Relational Database Service (Amazon RDS). The rule is NON_COMPLIANT if the Amazon RDS instance does not have a corresponding recovery point

Risk Level

High

Address

Configuration

Compliance Standards

CBP,SEBI

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration of not having Storage Gateway Recovery Point created for AWS EC2 using the AWS console, follow these step-by-step instructions:
  1. Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
  2. Navigate to AWS Storage Gateway: Go to the AWS Management Console and search for “Storage Gateway” in the services search bar.
  3. Select your Storage Gateway: In the Storage Gateway console, select the Storage Gateway that is associated with your EC2 instance.
  4. Create a Recovery Point: Within the Storage Gateway console, navigate to the “Volumes” section and select the volume that is associated with your EC2 instance.
  5. Initiate a Snapshot: In the volume details page, locate the option to create a recovery point or snapshot. Click on the “Create Snapshot” or “Create Recovery Point” button.
  6. Configure Snapshot settings: Follow the on-screen instructions to configure the snapshot settings, such as the snapshot description, frequency, and retention period.
  7. Review and Confirm: Review the snapshot settings to ensure they meet your requirements, then click on the “Create Snapshot” or “Create Recovery Point” button to initiate the snapshot creation process.
  8. Monitor Snapshot Creation: Monitor the snapshot creation process in the Storage Gateway console. Once the snapshot is successfully created, you have now remediated the misconfiguration of not having a Storage Gateway Recovery Point created for your AWS EC2 instance.
By following these steps, you have successfully remediated the misconfiguration of not having a Storage Gateway Recovery Point created for your AWS EC2 instance using the AWS console.

To remediate the misconfiguration of not having Storage Gateway Recovery Point created for AWS EC2 using AWS CLI, you can follow these steps:
  1. Install and Configure AWS CLI: If you haven’t already, install and configure the AWS Command Line Interface (CLI) on your local machine. You can refer to the official AWS documentation for instructions on how to do this.
  2. Enable Storage Gateway for EC2 Instance: Ensure that the AWS Storage Gateway service is enabled for the specific EC2 instance that requires a Recovery Point. You can do this by navigating to the AWS Management Console, selecting the EC2 service, choosing the specific instance, and enabling the Storage Gateway service.
  3. Create a Recovery Point using AWS CLI: Use the AWS CLI to create a Recovery Point for the Storage Gateway associated with the EC2 instance. You can use the following command to create a Recovery Point: 
    aws storagegateway create-snapshot-from-volume-recovery-point --volume-arn <VOLUME_ARN>
    Replace <VOLUME_ARN> with the Amazon Resource Name (ARN) of the volume associated with the EC2 instance.
  4. Verify the Recovery Point: After executing the command, verify that the Recovery Point has been successfully created by checking the AWS Storage Gateway console or by running the following command: 
    aws storagegateway list-volume-recovery-points --gateway-arn <GATEWAY_ARN>
    Replace <GATEWAY_ARN> with the ARN of the Storage Gateway associated with the EC2 instance.
  5. Set up Automated Recovery Point Creation (Optional): To ensure that Recovery Points are created regularly, you can set up a scheduled task or automation using AWS CloudWatch Events or AWS Lambda to trigger the creation of Recovery Points at specified intervals.
By following these steps, you can successfully remediate the misconfiguration of not having Storage Gateway Recovery Points created for the AWS EC2 instance using AWS CLI.
To remediate the misconfiguration of not having Storage Gateway recovery points created for AWS EC2 instances using Python, you can follow these steps:
  1. Install the AWS SDK for Python (Boto3) by running the following command: 
    pip install boto3
  2. Create a Python script to automate the process of creating recovery points for the AWS Storage Gateway. Below is a sample script that you can use: 
import boto3

# Initialize the AWS service clients
client = boto3.client('storagegateway')

# Specify the Gateway ARN for the Storage Gateway that is associated with the EC2 instance
gateway_arn = 'YOUR_GATEWAY_ARN'

# Create a recovery point for the specified Gateway ARN
response = client.create_tape_recovery_point(
    GatewayARN=gateway_arn
)

# Print the response
print(response)
  1. Replace 'YOUR_GATEWAY_ARN' with the actual ARN of the Storage Gateway that is associated with the EC2 instance.
  2. Run the Python script to create a recovery point for the specified Storage Gateway. This will ensure that recovery points are created for the EC2 instance.
By following these steps and running the Python script, you can remediate the misconfiguration of not having Storage Gateway recovery points created for AWS EC2 instances.