RDS Should Have Backup Recovery Point Created
More Info:
Checks if a recovery point was created for Amazon Relational Database Service (Amazon RDS). The rule is NON_COMPLIANT if the Amazon RDS instance does not have a corresponding recovery point created within the specified time period.Risk Level
HighAddresses
ConfigurationCompliance Standards
CBP,SEBITriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of missing backup recovery points for an AWS RDS instance, you can follow these steps using the AWS Management Console:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and login using your credentials.
- Navigate to RDS Service: Click on the “Services” dropdown menu at the top left corner, then select “RDS” under the Database category.
- Select the RDS Instance: From the list of RDS instances, click on the instance that you want to enable backup recovery points for.
-
Enable Automated Backups:
- In the RDS dashboard for the selected instance, click on the “Modify” button on the top right corner.
- Scroll down to the “Backup” section.
- Check the box for “Backup retention period” and set a retention period that suits your requirements (e.g., 7 days, 30 days).
- Check the box for “Enable automatic backups” to enable automated backups for the RDS instance.
- You can also configure the backup window timing as per your preference.
-
Enable Backup Retention:
- Scroll down further to the “Maintenance” section.
- Check the box for “Backup retention period” and set a retention period that suits your requirements (e.g., 7 days, 30 days).
-
Review and Apply Changes:
- Scroll to the bottom of the page and click on the “Continue” button.
- Review the changes you have made to ensure they are correct.
- Click on the “Modify DB Instance” button to apply the changes.
-
Verify Backup Configuration:
- Once the modification is complete, go back to the RDS dashboard for the instance.
- You should see that automated backups are now enabled, and a backup retention period has been set.
Using CLI
Using CLI
To remediate the misconfiguration of not having backup recovery points created for an AWS RDS instance using AWS CLI, you can follow these steps:
-
Identify the RDS Instance: First, you need to identify the RDS instance for which you want to enable backup recovery points. You can do this by listing all your RDS instances using the following AWS CLI command:
-
Enable Automated Backups: To enable automated backups for the RDS instance, you can use the following AWS CLI command. Replace
<instance-id>with the actual ID of your RDS instance:--backup-retention-period: Specifies the number of days to retain automated backups. You can adjust this value as needed.--apply-immediately: This flag ensures that the changes take effect immediately.
-
Verify Backup Configuration: You can verify the backup configuration for the RDS instance by describing the instance using the following AWS CLI command:
Make sure that the
BackupRetentionPeriodis set to the desired value and thatBackupRetentionPeriodis not0. -
Monitor Backups: After enabling automated backups, you should monitor the backups to ensure that they are being created as expected. You can view the automated backups for the RDS instance using the following AWS CLI command:
Using Python
Using Python
To remediate the misconfiguration of not having backup recovery points created for an AWS RDS instance using Python, you can follow these steps:By following these steps and running the Python script, you can ensure that automated backups are enabled for all your AWS RDS instances, thus remediating the misconfiguration of not having backup recovery points created.
- Import the necessary libraries:
- Initialize the AWS RDS client:
- Get a list of all RDS instances:
- Iterate through each RDS instance and enable automated backups if they are not already enabled:
- Verify that automated backups are enabled for all RDS instances: