Rule: RDS Aurora clusters should be protected by backup plan
Ensure compliance by protecting RDS Aurora clusters with backup plan.
| Rule | RDS Aurora clusters should be protected by backup plan |
| Framework | CISA-cyber-essentials |
| Severity | ✔ Medium |
Rule Description
RDS Aurora clusters should have a backup plan in place to ensure data security and to comply with the CISA Cyber Essentials framework. A backup plan helps in protecting against data loss or corruption by regularly creating copies of database instances and storing them securely.
Troubleshooting Steps (if applicable)
- Check if RDS Aurora clusters have a backup plan enabled.
- Verify that the backup plan is properly configured with the required retention period and frequency.
- Ensure that proper IAM roles and permissions are assigned to allow necessary operations.
- Check for any errors or warnings related to the backup plan in the CloudWatch Logs or RDS event notifications.
Necessary Codes (if applicable)
There are no specific codes to be provided for this rule. However, the following steps will guide you on how to enable and configure the backup plan for RDS Aurora clusters.
Step-by-Step Guide for Remediation
Step 1: Access AWS Management Console
Access the AWS Management Console using valid credentials: console.aws.amazon.com
Step 2: Select the RDS Service
Navigate to the RDS service by searching for "RDS" in the AWS Management Console search bar and selecting "RDS" from the results.
Step 3: Choose the Aurora Cluster
In the RDS dashboard, select the appropriate Aurora cluster for which you want to enable the backup plan.
Step 4: Configure Backup Retention Period
- In the cluster details, click on the "Backup" tab.
- Under the "Backup retention period" section, specify the desired retention period for backups. It is recommended to set a retention period based on your data protection requirements and compliance policies.
Step 5: Configure Backup Window
- Under the "Backup window" section, select the preferred time window during which backups should be performed. Make sure to choose a time when the database activity is minimal to minimize any impact on performance.
Step 6: Enable Automated Backups
- Scroll down to the "Automated backups" section and ensure that the toggle switch is set to "Enabled". This will enable the regular automated backups for the Aurora cluster.
Step 7: Confirm Backup Plan
- Verify the chosen settings for backup retention period, backup window, and automated backups.
- Review the details and click on the "Apply immediately" button to save the changes and enable the backup plan.
Conclusion
By following the above step-by-step guide, you can enable and configure the backup plan for your RDS Aurora cluster, providing necessary protection for your database and ensuring compliance with the CISA Cyber Essentials framework. Regularly monitor the backups and perform periodic restore tests to validate the backup process and data recovery capability.