RDS DB Instance Backup Enabled Rule

Ensure compliance by enabling backup for RDS DB instances.

Rule: RDS DB instance backup should be enabled
Framework: SOC 2
Severity: Medium

Rule Description

The rule ensures that backup is enabled for Amazon Relational Database Service (RDS) instances in order to comply with SOC 2 requirements. Enabling backups for RDS instances helps to protect your critical database and ensures that you can recover in case of data loss or system failure.

Troubleshooting Steps

  1. Verify if backup is already enabled for the RDS instance by checking its configuration.
  2. Check the AWS Management Console or use the AWS Command Line Interface (CLI) to confirm the current backup status of the RDS instance.

Necessary Code

There is no specific code snippet required for this rule. The backup feature is available as a built-in functionality of Amazon RDS and can be enabled directly through the AWS Management Console or via the CLI.

Remediation Steps

AWS Management Console

  1. Sign in to the AWS Management Console.
  2. Open the Amazon RDS console.
  3. Select the region where your RDS instance is located.
  4. Click on "Databases" on the left-hand side menu.
  5. Select the RDS instance for which you want to enable backup.
  6. In the "Actions" drop-down menu, click on "Modify".
  7. Scroll down to the "Backup" section.
  8. Ensure that the "Backup retention period" is set to a value greater than zero. This specifies how long automated backups are retained (in days).
  9. If desired, you can also enable "Backup deletion protection" to prevent accidental deletion of backups.
  10. Click on "Continue".
  11. Review the summary of changes and click on "Modify DB Instance" to apply the changes.

AWS CLI

  1. Open the AWS CLI or a terminal with the AWS CLI installed.
  2. Run the following command to enable backup for the RDS instance:

aws rds modify-db-instance --db-instance-identifier [RDS_INSTANCE_IDENTIFIER] --backup-retention-period [NUMBER_OF_DAYS]

Replace [RDS_INSTANCE_IDENTIFIER] with the ID or name of the RDS instance you want to modify, and [NUMBER_OF_DAYS] with the desired backup retention period in days.

Example:

aws rds modify-db-instance --db-instance-identifier my-rds-instance --backup-retention-period 7

This command enables backup for the RDS instance "my-rds-instance" with a backup retention period of 7 days.
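
To run the check from the troubleshooting steps across every instance in an account, the following added example (not part of the original rule page) reads the JSON that `aws rds describe-db-instances` returns, lists instances whose BackupRetentionPeriod is 0, and builds the modify-db-instance command shown above for each one. The sample data and instance names are constructed; skipping read replicas by default and treating a missing retention field as failing are assumptions of this example.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` output
# (identifiers are made up; only the fields this check reads are included).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres", "BackupRetentionPeriod": 7},
  {"DBInstanceIdentifier": "reports-dev", "Engine": "mysql", "BackupRetentionPeriod": 0},
  {"DBInstanceIdentifier": "orders-replica", "Engine": "postgres", "BackupRetentionPeriod": 0,
   "ReadReplicaSourceDBInstanceIdentifier": "orders-prod"},
  {"DBInstanceIdentifier": "legacy-db", "Engine": "mysql"}
]}
""")

def audit_backups(describe_output, check_read_replicas=False):
    """Return (failing, skipped) instance identifiers.

    An instance fails when BackupRetentionPeriod is 0, the state in which
    automated backups are off. A missing field is treated as failing, and read
    replicas are skipped unless check_read_replicas is set (both are policy
    choices made for this example).
    """
    failing, skipped = [], []
    for inst in describe_output.get("DBInstances", []):
        name = inst["DBInstanceIdentifier"]
        is_replica = bool(inst.get("ReadReplicaSourceDBInstanceIdentifier"))
        if is_replica and not check_read_replicas:
            skipped.append(name)
            continue
        if int(inst.get("BackupRetentionPeriod") or 0) <= 0:
            failing.append(name)
    return failing, skipped

def remediation_commands(failing, days=7):
    """Build the page's modify-db-instance command for each failing instance."""
    # RDS accepts 0-35 days for automated backups; 0 would disable them again.
    if not 1 <= days <= 35:
        raise ValueError("retention must be 1-35 days")
    return [
        "aws rds modify-db-instance --db-instance-identifier "
        f"{shlex.quote(name)} --backup-retention-period {days}"
        for name in failing
    ]

if __name__ == "__main__":
    failing, skipped = audit_backups(SAMPLE)
    print("failing:", failing, "skipped replicas:", skipped)
    print("\n".join(remediation_commands(failing)))
```

To use it on a real account, replace SAMPLE with the parsed output of `aws rds describe-db-instances --output json` for each region you operate in.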

Note

Enabling backup for RDS instances incurs extra costs associated with storing and maintaining backups. Make sure to consider these costs and review the backup strategy based on your business requirements and compliance needs.
