Aurora DB Clusters Should Be Protected By Backup Plan
More Info:
Checks if Amazon Aurora DB clusters are protected by a backup plan. The rule is NON_COMPLIANT if the Amazon Relational Database Service (Amazon RDS) Database Cluster is not protected by a backup plan.Risk Level
HighAddress
ConfigurationCompliance Standards
CBP,SEBI,RBI_MD_ITF,RBI_UCBTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of Aurora DB clusters not being protected by a backup plan in AWS RDS, follow these step-by-step instructions using the AWS Management Console:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/) and login using your credentials.
- Navigate to RDS Service: Click on the “Services” dropdown at the top left corner of the console, then select “RDS” under the Database category.
- Select Aurora Database Cluster: From the list of RDS database instances, locate and click on the Aurora DB cluster that you want to configure a backup plan for.
- Enable Automated Backups: In the Aurora cluster dashboard, click on the “Modify” button to edit the cluster settings.
- Configure Backup Retention Period: Scroll down to the “Backup” section, locate the “Backup retention period” option, and set a value for how long you want to retain automated backups. The minimum retention period is 1 day.
- Enable Automated Backups: Make sure the “Backup retention period” is greater than 0 to enable automated backups for the Aurora cluster.
- Configure Backup Window: Optionally, you can set a preferred backup window during which automated backups will be taken. This helps in avoiding performance impact during peak usage hours.
- Enable Backup Encryption (Optional): If required, you can enable backup encryption by selecting the option for “Backup encryption” and choosing a KMS key to encrypt your backups.
- Review and Apply Changes: Review the changes you have made to the Aurora cluster configuration. Once you are satisfied with the settings, click on the “Apply immediately” checkbox and then click on the “Modify cluster” button to apply the changes.
- Verify Backup Plan: After the modification is completed, go back to the Aurora cluster dashboard and verify that automated backups are enabled and the backup retention period is set as per your configuration.
Using CLI
Using CLI
To remediate the misconfiguration of Aurora DB clusters not being protected by a backup plan in AWS RDS using AWS CLI, follow these steps:
-
Create a Backup Plan:
- Run the following AWS CLI command to create a backup plan for your Aurora DB cluster:
- Replace
"YourBackupPlanName"with a suitable name for your backup plan. - This command creates a backup plan with a rule named “Rule1” that schedules daily backups at midnight UTC.
- Run the following AWS CLI command to create a backup plan for your Aurora DB cluster:
-
Associate the Backup Plan with the Aurora DB Cluster:
- Run the following AWS CLI command to associate the backup plan with your Aurora DB cluster:
- Replace
<BackupPlanId>with the ID of the backup plan you created in step 1. - Replace
"YourSelectionName"with a suitable name for your backup selection. - Replace
"YourIamRoleArn"with the IAM role ARN that has permissions to perform backups. - Replace
"region","account-id", and"cluster-name"with your AWS region, account ID, and Aurora DB cluster name, respectively.
- Run the following AWS CLI command to associate the backup plan with your Aurora DB cluster:
-
Verify the Backup Plan Configuration:
- Run the following AWS CLI command to verify that the backup plan is associated with the Aurora DB cluster:
- This command will list the backup selections associated with the specified backup plan.
- Run the following AWS CLI command to verify that the backup plan is associated with the Aurora DB cluster:
Using Python
Using Python
To remediate the misconfiguration of Aurora DB clusters not being protected by a backup plan in AWS RDS using Python, you can follow these steps:By following these steps, you can remediate the misconfiguration of Aurora DB clusters not being protected by a backup plan in AWS RDS using Python.
-
Install Boto3: Boto3 is the AWS SDK for Python, which allows you to interact with AWS services. You can install it using pip:
- Create a Python script to enable backups for your Aurora DB cluster. Here is an example script that you can use:
-
Replace placeholders: Replace
your_aws_regionwith the AWS region where your Aurora DB cluster is located, andyour_cluster_identifierwith the actual identifier of your Aurora DB cluster. -
Run the script: Save the script to a file (e.g.,
enable_backup_plan.py) and run it using Python. Make sure you have the necessary permissions in your AWS IAM role to modify the Aurora DB cluster.