Rule Description
NIST 800-53 Revision 5 recommends that RDS (Relational Database Service) DB instances have a defined backup plan in place. This helps ensure the availability of critical data and supports recovery from unexpected events or data loss incidents.
Having a backup plan for RDS DB instances involves creating regular database backups, implementing appropriate retention periods, and storing the backups in a secure location. This rule aims to prevent data loss, support disaster recovery efforts, and comply with industry best practices to protect sensitive information.
Troubleshooting Steps
If the RDS DB instance does not have a backup plan in place, you may follow these troubleshooting steps:
1. Check the RDS DB instance configuration: Verify if the automatic backup feature is enabled for the DB instance. If it is not enabled, proceed to enable it.
2. Confirm the backup retention period: Ensure that the backup retention period is set to an appropriate value based on your organization's requirements. Adjust the retention period if needed.
3. Validate the backup frequency: Assess whether the backups are taking place at the desired frequency. If the backups are not occurring as required, modify the backup schedule to align with your needs.
4. Check backup storage location: Ensure that the backups are stored in a secure and appropriate storage location. If necessary, configure a backup storage location that meets the required security standards.
5. Test backup restoration: Periodically test the restoration process from the backups to ensure their reliability. This will help verify that the backups are valid and ready for use during recovery scenarios.
Code Example
As part of a backup plan for an RDS DB instance, you can take a manual snapshot using the AWS Command Line Interface (CLI) with the following command:
aws rds create-db-snapshot --db-instance-identifier <DB_INSTANCE_IDENTIFIER> --db-snapshot-identifier <DB_SNAPSHOT_IDENTIFIER>
Replace <DB_INSTANCE_IDENTIFIER> with the identifier of your RDS DB instance and <DB_SNAPSHOT_IDENTIFIER> with a name for the snapshot. This command creates a manual snapshot of the DB instance.
Additionally, you can enable automatic backups for an RDS DB instance with the following command:
aws rds modify-db-instance --db-instance-identifier <DB_INSTANCE_IDENTIFIER> --backup-retention-period <BACKUP_RETENTION_PERIOD>
Replace <DB_INSTANCE_IDENTIFIER> with the identifier of your DB instance and <BACKUP_RETENTION_PERIOD> with the desired backup retention period in days.
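The following Python sketch is an added example, not part of the original rule text. It applies troubleshooting steps 1, 2 and 4 to JSON shaped like the output of `aws rds describe-db-instances`, flagging instances with automated backups disabled, retention below a policy minimum, or unencrypted storage. The sample data, the `audit_backups` name and the 7-day minimum are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output (not real data).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 14,
   "PreferredBackupWindow": "03:00-03:30", "StorageEncrypted": true},
  {"DBInstanceIdentifier": "reports-dev", "BackupRetentionPeriod": 0,
   "PreferredBackupWindow": "04:00-04:30", "StorageEncrypted": true},
  {"DBInstanceIdentifier": "orders-replica", "BackupRetentionPeriod": 0,
   "StorageEncrypted": true, "ReadReplicaSourceDBInstanceIdentifier": "orders-prod"},
  {"DBInstanceIdentifier": "legacy-crm", "BackupRetentionPeriod": 3,
   "PreferredBackupWindow": "05:00-05:30", "StorageEncrypted": false}
]}
""")

MIN_RETENTION_DAYS = 7  # assumed organizational policy, not an AWS or NIST value


def audit_backups(described, min_days=MIN_RETENTION_DAYS):
    """Return {instance_id: [findings]} for instances that fail a backup check."""
    report = {}
    for db in described.get("DBInstances", []):
        findings = []
        retention = db.get("BackupRetentionPeriod", 0)
        source = db.get("ReadReplicaSourceDBInstanceIdentifier")
        if retention == 0:
            # A retention period of 0 means automated backups are disabled.
            msg = "automated backups disabled"
            if source:
                msg += f" (read replica of {source})"
            findings.append(msg)
        elif retention < min_days:
            findings.append(f"retention {retention}d below policy minimum {min_days}d")
        if not db.get("StorageEncrypted", False):
            # Automated backups and snapshots inherit the instance's encryption setting.
            findings.append("storage and backups not encrypted")
        if findings:
            report[db["DBInstanceIdentifier"]] = findings
    return report


if __name__ == "__main__":
    for instance, findings in audit_backups(SAMPLE).items():
        print(f"{instance}: {'; '.join(findings)}")
```

To audit a real account, pass in the parsed output of `aws rds describe-db-instances --output json` instead of the constructed sample.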
Remediation Steps
To remediate the issue and ensure compliance with the NIST 800-53 Revision 5 rule:
1. Create a backup plan: Establish a backup plan to cover all the RDS DB instances in your environment. Determine the backup frequency, retention period, and storage location based on the criticality of the data and your organization's requirements.
2. Enable automatic backups: Ensure that automatic backups are enabled for each RDS DB instance. This can be done through the AWS Management Console or by using the AWS CLI. Set an appropriate backup retention period as per your organization's policies.
3. Verify backup settings: Validate that backups are occurring as scheduled and the retention period aligns with the required time frame. Monitor backup status and logs regularly to ensure successful backups.
4. Test backup restoration: Periodically perform a test restore from the backups to ensure that the restoration process is functional and reliable. This step confirms that the backups are valid and can be used for recovery purposes when required.
5. Document the backup plan: Maintain proper documentation detailing the backup plan, including backup frequency, retention period, and storage location. Document the testing and restoration procedures as well.
6. Review and update: Regularly review and update the backup plan based on any changes in your environment or compliance requirements. Stay up to date with the latest AWS and security best practices to ensure the effectiveness of the backup plan.
By following these steps, you can implement a robust backup plan for your RDS DB instances in compliance with the NIST 800-53 Revision 5 guidelines.