More Info:
Amazon Backup should be integrated with Amazon Relational Database Service (RDS) in order to manage RDS database instance snapshots and improve the reliability of your backup strategy.
Risk Level: Low
Address: Reliability, Security
Compliance Standards: AWSWAF, SOC2, NISTCSF, PCIDSS
Triage and Remediation
Remediation
Using Console
To integrate Amazon Backup with Amazon RDS in AWS, follow these steps using the AWS Management Console:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
- Navigate to the Amazon RDS Console: Click on the “Services” dropdown menu at the top of the page, then select “RDS” under the Database section.
- Select your RDS Instance: From the list of RDS instances, select the instance for which you want to enable backups.
- Enable Automated Backups: In the RDS dashboard for your selected instance, click on the “Modify” button.
- Configure Backup Settings: Scroll down to the “Backup” section of the Modify DB Instance page. Ensure that the “Backup Retention Period” is set to a value greater than 0 to enable automated backups.
- Enable Enhanced Backup Retention: Under the “Backup” section, enable the “Enable Enhanced Backup Retention” option. This will allow you to retain automated backups for a longer period.
- Save Changes: Scroll to the bottom of the page and click on the “Continue” button. Review the changes you have made, then click on the “Modify DB Instance” button to save the changes.
- Verify Backup Configuration: Once the modification is complete, go back to the RDS dashboard and check that automated backups are enabled for your RDS instance.
Using CLI
To integrate Amazon Backup with Amazon RDS using AWS CLI, follow these steps:
- Enable Amazon RDS automated backups: If automated backups are not already enabled for your Amazon RDS instance, you need to enable them. You can enable automated backups by modifying the RDS instance with the following command:
  Replace your-db-instance-name with the actual name of your RDS instance and 7 with the desired retention period for backups in days.
- Enable the AWS Backup service for Amazon RDS: You need to create a backup plan in AWS Backup and include your RDS instance in that plan. You can create a backup plan using the AWS Backup console or AWS CLI. Here’s an example command to create a backup plan using AWS CLI:
  In the backup-plan.json file, specify the details of your backup plan including the schedule, retention period, and the resources to be backed up (in this case, your RDS instance).
- Tag your Amazon RDS instance with the correct backup plan: After creating the backup plan, you need to tag your RDS instance with the backup plan ID. You can do this using the following command:
  Replace region, account-id, your-db-instance-name, and your-backup-plan-id with the appropriate values.
- Verify the backup configuration: You can verify that the Amazon Backup service is integrated with your Amazon RDS instance by checking the backup settings in the AWS Backup console or by running the following command:
  Replace your-backup-plan-id with the ID of the backup plan you created.
Using Python
To integrate Amazon Backup with Amazon RDS in AWS using Python, you can use the AWS SDK for Python (Boto3) to automate the process. Here are the step-by-step instructions to remediate this misconfiguration:
- Install Boto3: Make sure you have the Boto3 library installed. You can install it using pip:
- Configure AWS Credentials: Ensure that you have configured your AWS credentials either by setting up environment variables or using the AWS CLI aws configure command.
- Write Python Script: Create a Python script with the following code to enable backups for your Amazon RDS instance:
  Replace 'your_rds_instance_identifier' with the actual identifier of your RDS instance.
- Run the Script: Save the script to a file (e.g., enable_rds_backup.py) and run it using Python:
- Verify Backup Configuration: After running the script, verify that backups are enabled for your Amazon RDS instance by checking the AWS Management Console or using the AWS CLI.
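One way to run the verification steps above across every instance in an account, as an added example that is not code from the original page: it compares the Boto3 `describe_db_instances` output with the AWS Backup `list_protected_resources` output and reports instances with a backup gap. The function names `audit_rds_backup` and `collect` are hypothetical, and the sample data (account ID, region, instance names) is constructed.

```python
"""Audit RDS instances for backup coverage (added example, not from the page)."""

def audit_rds_backup(db_instances, protected_resources):
    """Return one finding per RDS instance with a backup gap.

    db_instances: items of rds.describe_db_instances()["DBInstances"]
    protected_resources: items of backup.list_protected_resources()["Results"]
    """
    # AWS Backup lists a resource as protected once it holds a recovery point for it.
    protected = {r["ResourceArn"] for r in protected_resources}
    findings = []
    for db in db_instances:
        issues = []
        if db.get("BackupRetentionPeriod", 0) == 0:
            issues.append("automated backups disabled (retention period 0)")
        if db["DBInstanceArn"] not in protected:
            issues.append("not listed as an AWS Backup protected resource")
        if issues:
            findings.append({"instance": db["DBInstanceIdentifier"], "issues": issues})
    return findings

def collect(session):
    """Fetch both inputs through a boto3 session (needs credentials and network)."""
    rds, backup = session.client("rds"), session.client("backup")
    dbs = [d for page in rds.get_paginator("describe_db_instances").paginate()
           for d in page["DBInstances"]]
    prot = [r for page in backup.get_paginator("list_protected_resources").paginate()
            for r in page["Results"]]
    return dbs, prot

# Constructed sample responses (account ID, region and names are placeholders).
ARN = "arn:aws:rds:us-east-1:111122223333:db:"
SAMPLE_DBS = [
    {"DBInstanceIdentifier": "orders-db", "DBInstanceArn": ARN + "orders-db",
     "BackupRetentionPeriod": 7},
    {"DBInstanceIdentifier": "reports-db", "DBInstanceArn": ARN + "reports-db",
     "BackupRetentionPeriod": 0},
    {"DBInstanceIdentifier": "legacy-db", "DBInstanceArn": ARN + "legacy-db",
     "BackupRetentionPeriod": 7},
]
SAMPLE_PROTECTED = [{"ResourceArn": ARN + "orders-db"}, {"ResourceArn": ARN + "reports-db"}]

if __name__ == "__main__":
    # To audit a live account instead: import boto3; collect(boto3.Session())
    for f in audit_rds_backup(SAMPLE_DBS, SAMPLE_PROTECTED):
        print(f["instance"], "->", "; ".join(f["issues"]))
```

An instance that was only just assigned to a backup plan is reported until its first backup job completes, so re-run the check after the plan's first scheduled window.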