Rule: RDS Aurora Clusters Should Be Protected by Backup Plan
This rule ensures that RDS Aurora clusters are protected by a backup plan.
| Rule | RDS Aurora clusters should be protected by backup plan |
| Framework | CISA-cyber-essentials |
| Severity | ✔ Medium |
RDS Aurora Cluster Backup Plan for CISA Cyber Essentials
Rule Description:
According to the CISA Cyber Essentials guidelines, RDS Aurora clusters should be protected by a backup plan. This ensures that in the event of data loss, system failures, or cyberattacks, critical data can be recovered efficiently and minimize business disruptions.
Troubleshooting Steps:
- 1.Verify that the RDS Aurora cluster is properly configured and associated with a backup plan.
- 2.Check the status of the most recent backup to ensure it is successful.
- 3.Review the backup retention period to ensure it meets the desired recovery objectives.
- 4.Ensure that backup encryption is enabled if required by organizational policies.
Necessary Codes:
No specific code is required for this rule. The configuration and management of backups for RDS Aurora clusters can be done through the AWS Management Console or using AWS CLI commands.
Remediation Steps:
Step 1: Enable Backups for RDS Aurora Cluster
To enable backups for an RDS Aurora cluster, follow these steps:
- 1.Open the AWS Management Console and navigate to the Amazon RDS service.
- 2.Select the desired region where the Aurora cluster is located.
- 3.Click on the "Databases" tab and select the target Aurora cluster.
- 4.In the cluster details page, click on "Actions" and select "Modify".
- 5.Scroll down to the "Backup" section and ensure that the "Enable automatic backups" option is checked.
- 6.Set the desired backup retention period that aligns with your recovery objectives.
- 7.Configure additional backup settings like Backup Window and Maintenance Window as per your requirements.
- 8.Click on "Modify cluster" to save the changes.
Step 2: Verify Backup Status
To verify the status of the most recent backup for an RDS Aurora cluster, follow these steps:
- 1.From the cluster details page, click on the "Backups" tab.
- 2.Check the status of the latest backup under "Backup Status". It should be marked as "Completed" or "Available".
- 3.If the backup status shows an error or failure, investigate the cause and take necessary actions to resolve the issue.
Step 3: Configure Backup Encryption (if required)
If your organization requires encryption for RDS Aurora cluster backups, follow these steps:
- 1.Open the AWS Management Console and navigate to the Amazon RDS service.
- 2.Select the desired region where the Aurora cluster is located.
- 3.Click on "Encryption" in the left menu.
- 4.Select the Aurora cluster for which you want to enable backup encryption.
- 5.Click on "Modify" and scroll down to the "Backup" section.
- 6.Check the "Encrypt automatic backups" option.
- 7.Choose the desired AWS Key Management Service (KMS) key for encryption.
- 8.Click on "Modify cluster" to save the changes.
Conclusion:
By following the recommended steps, your RDS Aurora cluster will have a backup plan in place, complying with the CISA Cyber Essentials guidelines. Regularly verify the backup status and ensure that the cluster backups meet the specified retention period and encryption requirements if applicable.