More Info:
Automated backups of your RDS database instances should be enabled to ensure point-in-time recovery.Risk Level
HighAddress
Operational Maturity, Reliability, SecurityCompliance Standards
HIPAA, NIST, SOC2, HITRUST, AWSWAF, NISTCSF, PCIDSSTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of automated backups not being enabled for AWS RDS using the AWS Management Console, follow these steps:
-
Sign in to the AWS Management Console:
- Go to the AWS Management Console (https://aws.amazon.com/console) and sign in with your credentials.
-
Navigate to RDS Service:
- In the AWS Management Console, navigate to the Amazon RDS service by clicking on “Services” in the top left corner and then selecting “RDS” under the Database section.
-
Select the RDS Instance:
- From the list of RDS instances, select the instance for which you want to enable automated backups by clicking on its identifier.
-
Enable Automated Backups:
- In the RDS instance details page, click on the “Modify” button to change the configuration settings.
- Scroll down to the “Backup” section, and under the “Backup retention period” option, select a retention period for automated backups (e.g., 7 days, 30 days, etc.).
- Check the box for “Backup retention period” to enable automated backups.
- You can also configure the preferred backup window and backup maintenance window according to your requirements.
- Click on the “Continue” button.
-
Apply Changes:
- Review the changes you have made, and click on the “Modify DB Instance” button to apply the changes to the RDS instance.
-
Monitor the Status:
- Once the modification is complete, monitor the status of the RDS instance to ensure that automated backups are now enabled.
Using CLI
Using CLI
To enable automated backups for an AWS RDS instance using AWS CLI, follow these steps:
- Open your terminal or command prompt.
-
Use the following AWS CLI command to modify the RDS instance to enable automated backups. Replace
your-rds-instance-namewith the actual name of your RDS instance.
-
This command will modify the RDS instance to enable automated backups with a retention period of 7 days. You can adjust the
--backup-retention-periodparameter to set a different retention period as needed. - After running the command, AWS will apply the changes immediately, and automated backups will be enabled for your RDS instance.
- You can verify that automated backups are enabled by checking the RDS instance details in the AWS Management Console or by running the following AWS CLI command:
- Look for the
BackupRetentionPeriodvalue in the output to confirm that automated backups are enabled with the desired retention period.
Using Python
Using Python
To remediate the misconfiguration of automated backups not being enabled for an AWS RDS instance using Python, you can use the AWS SDK for Python (Boto3) to enable automated backups. Below are the step-by-step instructions to remediate this issue:
-
Install Boto3: If you haven’t already installed Boto3, you can do so using pip by running the following command:
-
Configure AWS Credentials: Make sure you have your AWS credentials configured either by setting environment variables or using AWS CLI
aws configure. -
Write a Python script: Create a Python script with the following code to enable automated backups for an RDS instance. Replace
your_rds_instance_identifierwith the actual identifier of your RDS instance. -
Run the Python script: Execute the Python script to enable automated backups for the specified RDS instance. This script will set the backup retention period to 7 days. You can adjust this value as needed.
- Verify the configuration: After running the script, verify that automated backups have been enabled for the RDS instance by checking the AWS Management Console or using the AWS CLI.