Document DB Cluster Should Have Backup Retention Check
More Info:
Checks whether an Amazon DocumentDB cluster's backup retention period is set to a specific number of days. The rule is NON_COMPLIANT if the retention period is less than the value specified by the parameter.
Risk Level
Medium
Address
Configuration
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration of missing backup retention settings for an AWS RDS DocumentDB cluster, you can follow these steps using the AWS Management Console:
- Login to AWS Console: Go to the AWS Management Console (https://console.aws.amazon.com/) and login with your credentials.
- Navigate to RDS Service: From the AWS Management Console, navigate to the RDS service by clicking on the “Services” dropdown in the top left corner and selecting “RDS” under the Database category.
- Select DocumentDB Cluster: In the RDS dashboard, locate and select the DocumentDB cluster for which you want to configure backup retention settings.
- Modify Cluster: Click on the cluster identifier to view the cluster details. Then, click on the “Modify” button at the top to edit the cluster settings.
- Configure Backup Retention: Scroll down to the “Backup” section of the modification page. Here, you can set the backup retention period by specifying the number of days you want to retain automated backups for the cluster.
- Enable Automated Backups: Ensure that the “Backup Retention Period” is set to a value greater than 0 to enable automated backups for the cluster. You can choose a retention period based on your backup and recovery requirements.
- Save Changes: After setting the desired backup retention period, scroll to the bottom of the page and click on the “Continue” button. Review the summary of changes and click on the “Modify Cluster” button to apply the new backup retention settings.
- Verify Configuration: Once the modification is complete, go back to the cluster details page and verify that the backup retention period is set correctly. You should see a confirmation that the backup retention settings have been updated successfully.
By following these steps, you can remediate the misconfiguration of missing backup retention settings for an AWS RDS DocumentDB cluster using the AWS Management Console.
To remediate a DocumentDB cluster that fails the backup retention check using the AWS CLI, follow these steps:
- Identify the DocumentDB Cluster: First, identify the DocumentDB cluster for which you want to enable backup retention.
- Enable Backup Retention: Run the following AWS CLI command to modify the DocumentDB cluster and set the desired retention period (in days). Replace <cluster-identifier> with the actual identifier of your DocumentDB cluster and <retention-period> with the desired backup retention period.
    aws rds modify-db-cluster --db-cluster-identifier <cluster-identifier> --backup-retention-period <retention-period>
- Verify Backup Retention: To verify that the backup retention has been successfully enabled, describe the DocumentDB cluster using the following AWS CLI command:
    aws rds describe-db-clusters --db-cluster-identifier <cluster-identifier>
- Check Backup Retention Settings: Ensure that the backup retention period is set to the desired value in the output of the above command.
By following these steps and executing the provided AWS CLI commands, you can remediate a DocumentDB cluster that fails the backup retention check.
To remediate the misconfiguration of missing backup retention settings for an AWS RDS DocumentDB cluster using Python, you can use the AWS SDK for Python (Boto3) to update the backup retention period.
Here are the step-by-step instructions to remediate this issue:
- Install Boto3: If you haven’t already installed the Boto3 library, you can install it using pip:
    pip install boto3
- Create a Python script to update the backup retention period: You can create a Python script with the following code snippet to update the backup retention period for the DocumentDB cluster:
    import boto3

    # Define the AWS region and DocumentDB cluster identifier
    region = 'your_aws_region'
    cluster_identifier = 'your_documentdb_cluster_identifier'

    # Define the new backup retention period in days
    new_retention_period = 7

    # Create a DocumentDB client
    client = boto3.client('docdb', region_name=region)

    # Update the backup retention period for the DocumentDB cluster
    response = client.modify_db_cluster(
        DBClusterIdentifier=cluster_identifier,
        BackupRetentionPeriod=new_retention_period
    )

    print("Backup retention period updated successfully to {} days.".format(new_retention_period))
- Configure AWS credentials: Ensure that your AWS credentials are properly configured on the machine where you will run this script. You can set up your AWS credentials using the AWS CLI or environment variables.
- Run the Python script: Save the Python script with the above code snippet and run it. This script will update the backup retention period for the specified DocumentDB cluster to the desired value (in this case, 7 days).
By following these steps and running the Python script, you can remediate the misconfiguration of missing backup retention settings for an AWS RDS DocumentDB cluster.
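The rule described under "More Info" can be evaluated across every cluster before any remediation is applied. The following is an added example, not code from the original page: the function names, the 7-day default threshold and the sample records are assumptions, and the sample data is constructed in the shape of `describe_db_clusters` output.

```python
# Added example: evaluate the backup-retention rule over cluster records.
SAMPLE_CLUSTERS = [  # constructed sample data, not taken from a real account
    {"DBClusterIdentifier": "orders-docdb", "Engine": "docdb", "BackupRetentionPeriod": 1},
    {"DBClusterIdentifier": "audit-docdb", "Engine": "docdb", "BackupRetentionPeriod": 14},
    {"DBClusterIdentifier": "legacy-aurora", "Engine": "aurora-mysql", "BackupRetentionPeriod": 1},
    {"DBClusterIdentifier": "broken-record", "Engine": "docdb"},  # field missing
]


def evaluate_retention(clusters, min_retention_days=7):
    """Return one finding per DocumentDB cluster; other engines are skipped."""
    findings = []
    for cluster in clusters:
        if cluster.get("Engine") != "docdb":
            continue  # the shared cluster API also lists non-DocumentDB engines
        # A missing value is treated as 0 so the record fails closed.
        days = cluster.get("BackupRetentionPeriod", 0)
        findings.append({
            "cluster": cluster.get("DBClusterIdentifier", "<unknown>"),
            "retention_days": days,
            "status": "COMPLIANT" if days >= min_retention_days else "NON_COMPLIANT",
        })
    return findings


def non_compliant(clusters, min_retention_days=7):
    """Identifiers of clusters whose retention is below the threshold."""
    return [f["cluster"] for f in evaluate_retention(clusters, min_retention_days)
            if f["status"] == "NON_COMPLIANT"]


def fetch_clusters(region):
    """Read clusters from a live account (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the offline evaluation runs without boto3

    client = boto3.client("docdb", region_name=region)
    paginator = client.get_paginator("describe_db_clusters")
    pages = paginator.paginate(Filters=[{"Name": "engine", "Values": ["docdb"]}])
    return [c for page in pages for c in page["DBClusters"]]


if __name__ == "__main__":
    for finding in evaluate_retention(SAMPLE_CLUSTERS):
        print(finding)
```

Against a live account, pass the result of `fetch_clusters("<region>")` to `non_compliant` in place of the sample list.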