AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Aurora DB Clusters Should Have Recovery Point
More Info:
Checks if a recovery point was created for Amazon Aurora DB clusters. The rule is NON_COMPLIANT if the Amazon Relational Database Service (Amazon RDS) DB Cluster does not have a corresponding recovery point.
Risk Level
High
Address
Configuration
Compliance Standards
CBP,SEBI
Triage and Remediation
Remediation
To remediate the misconfiguration of Aurora DB Clusters not having a recovery point in AWS RDS using the AWS Management Console, follow these steps:
-
Login to AWS Console: Go to the AWS Management Console (https://console.aws.amazon.com/) and login using your credentials.
-
Navigate to RDS Dashboard: Once logged in, navigate to the Amazon RDS console by clicking on the “Services” dropdown in the top left corner and selecting “RDS” under the Database category.
-
Select Aurora DB Cluster: From the list of DB instances, select the Aurora DB cluster that you want to configure a recovery point for by clicking on its identifier.
-
Enable Backtrack: In the Aurora DB cluster details page, click on the “Modify” button in the top right corner.
-
Configure Backtrack: Scroll down to the “Backup” section of the Modify DB Cluster page. Look for the “Backtrack” option and check the box to enable it.
-
Set Backtrack Window: Set the backtrack window to the desired number of seconds or minutes. This will determine how far back in time you can backtrack the cluster.
-
Review and Apply Changes: Review the other configuration settings to ensure they are correct. Once you have configured the backtrack settings, click on the “Continue” button.
-
Apply Changes: On the next page, review the summary of changes and click on the “Modify DB Cluster” button to apply the changes.
-
Monitor Progress: The modification process will start, and you can monitor the progress on the RDS dashboard. Once the modification is complete, the Aurora DB cluster will have a recovery point enabled.
By following these steps, you can successfully remediate the misconfiguration of Aurora DB Clusters not having a recovery point in AWS RDS using the AWS Management Console.
To remediate the misconfiguration of Aurora DB clusters not having a recovery point in AWS RDS using AWS CLI, you can follow these steps:
-
Create a DB Cluster Snapshot:
- Use the following AWS CLI command to create a manual snapshot of your Aurora DB cluster:
aws rds create-db-cluster-snapshot --db-cluster-identifier <your-db-cluster-identifier> --db-cluster-snapshot-identifier <your-snapshot-name> - Replace
<your-db-cluster-identifier>with the identifier of your Aurora DB cluster and<your-snapshot-name>with the name you want to give to the snapshot.
- Use the following AWS CLI command to create a manual snapshot of your Aurora DB cluster:
-
Enable Automated Backups:
- To ensure that automated backups are enabled for your Aurora DB cluster, use the following AWS CLI command:
aws rds modify-db-cluster --db-cluster-identifier <your-db-cluster-identifier> --backup-retention-period <retention-period-in-days> - Replace
<your-db-cluster-identifier>with the identifier of your Aurora DB cluster and<retention-period-in-days>with the number of days you want to retain automated backups.
- To ensure that automated backups are enabled for your Aurora DB cluster, use the following AWS CLI command:
-
Verify Backup Configuration:
- Confirm that automated backups are enabled and the backup retention period is set correctly by running the following AWS CLI command:
aws rds describe-db-clusters --db-cluster-identifier <your-db-cluster-identifier> --query "DBClusters[*].{DBClusterIdentifier:DBClusterIdentifier, BackupRetentionPeriod:BackupRetentionPeriod, BackupWindow:PreferredBackupWindow, BackupRetentionPeriod:BackupRetentionPeriod}" - This command will display the backup configuration details of your Aurora DB cluster.
- Confirm that automated backups are enabled and the backup retention period is set correctly by running the following AWS CLI command:
By following these steps and ensuring that you have created a manual snapshot, enabled automated backups, and verified the backup configuration, you can remediate the misconfiguration of Aurora DB clusters not having a recovery point in AWS RDS using AWS CLI.
To remediate the misconfiguration of Aurora DB clusters not having a recovery point in AWS RDS using Python, you can follow these steps:
- Install Boto3: Ensure that you have the Boto3 library installed in your Python environment. Boto3 is the AWS SDK for Python, which allows you to interact with AWS services.
pip install boto3
- Create a Python script: Create a Python script with the following code to enable point-in-time recovery for your Aurora DB clusters.
import boto3
# Specify the AWS region where your Aurora DB cluster is located
region = 'your_aws_region'
# Specify the name of your Aurora DB cluster
db_cluster_identifier = 'your_db_cluster_identifier'
# Create a Boto3 RDS client
client = boto3.client('rds', region_name=region)
# Enable point-in-time recovery for the Aurora DB cluster
response = client.modify_db_cluster(
DBClusterIdentifier=db_cluster_identifier,
BackupRetentionPeriod=7, # Specify the number of days to retain automated backups
PreferredBackupWindow='04:00-04:30' # Specify the preferred backup window
)
print("Point-in-time recovery enabled for Aurora DB cluster")
-
Replace placeholders: Replace
your_aws_regionwith the AWS region where your Aurora DB cluster is located andyour_db_cluster_identifierwith the name of your Aurora DB cluster. -
Run the script: Execute the Python script in your environment. This will enable point-in-time recovery for your Aurora DB cluster, ensuring that recovery points are available for data restoration.
By following these steps and running the Python script, you can remediate the misconfiguration of Aurora DB clusters not having a recovery point in AWS RDS.