More Info:
This rule checks if the Amazon ElastiCache Redis clusters have automatic backup turned on. The rule is NON_COMPLIANT if the SnapshotRetentionLimit for Redis cluster is less than the SnapshotRetentionPeriod parameter. For example: If the parameter is 15 then the rule is non-compliant if the snapshotRetentionPeriod is between 0-15.Risk Level
HighAddress
ConfigurationCompliance Standards
CBP,SEBI,RBI_MD_ITF,RBI_UCBTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration for AWS ElastiCache clusters not having automatic backups enabled, follow these steps using the AWS Management Console:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
- Navigate to ElastiCache Dashboard: Click on the “Services” dropdown menu at the top, and then select “ElastiCache” under the “Database” category.
- Select the ElastiCache Cluster: In the ElastiCache dashboard, select the ElastiCache cluster for which you want to enable automatic backups by clicking on the cluster ID.
- Modify Cluster Settings: In the cluster details page, click on the “Modify” button at the top right corner.
- Enable Automatic Backups: Scroll down to the “Backup” section in the Modify Cluster page. Check the box next to “Automatic backups” to enable automatic backups for the ElastiCache cluster.
- Configure Backup Retention Period: Set the desired backup retention period. You can choose the number of days for which you want to retain the automatic backups.
- Save Changes: Scroll down to the bottom of the page and click on the “Modify” button to save the changes.
- Monitor Backup Status: Once the modifications are saved, monitor the status of the automatic backups in the ElastiCache dashboard to ensure that they are running as expected.
Using CLI
Using CLI
To remediate the misconfiguration of Elasticache clusters not having automatic backups enabled for AWS Elasticache using the AWS CLI, follow these steps:
-
Enable automatic backups for the Elasticache cluster:
Run the following AWS CLI command to modify the Elasticache cluster’s backup retention period and enable automatic backups:
Replace
your-cluster-idwith the actual ID of the Elasticache cluster. -
Verify the configuration:
You can verify that automatic backups are enabled for the Elasticache cluster by describing the cluster using the following command:
Ensure that the
AutomaticFailoverEnabledparameter is set totrueand theSnapshotRetentionLimitis set to the desired value (in days). -
Monitor the backups:
After enabling automatic backups, monitor the backups to ensure they are being created as expected. You can do this by checking the AWS Management Console or by using the AWS CLI to list the backups:
This command will list all the snapshots associated with the Elasticache cluster.
Using Python
Using Python
To enable automatic backups for an Amazon Elasticache cluster using Python, you can use the AWS SDK for Python (Boto3) to interact with the AWS API. Here are the step-by-step instructions to remediate this misconfiguration:
Modify the snapshot retention period for the replication group
response = elasticache_client.modify_replication_group( ReplicationGroupId=replication_group_id, SnapshotRetentionLimit=retention_period ) print(f”Snapshot retention period for replication group '' updated to .”)def main():Specify the ID of the ElastiCache Redis replication group to remediate
replication_group_id = ‘your-replication-group-id’Specify the desired snapshot retention period (in days)
retention_period = 7- Run the Python script: Save the Python script and run it. This script will enable automatic backups for the specified Elasticache cluster.
- Verify: After running the script, you can verify in the AWS Management Console that automatic backups have been enabled for the Elasticache cluster.
'your-replication-group-id' with the ID of the ElastiCache Redis replication group you want to remediate, and adjust the retention_period variable to specify the desired snapshot retention period (in days). This script modifies the snapshot retention period for the specified replication group to meet the specified value.