Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instances

HIGH

Description

Enabling automated backups can help prevent data loss in an RDS instance. Amazon RDS can create and save backups at the instance level rather than only per individual database. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html

Remediation

In AWS Console -

  1. Sign in to the AWS Console and go to the Amazon RDS console.
  2. Select Databases, and then choose the DB instance that you want to modify in the navigation pane.
  3. Select Modify.
  4. For Backup retention period, select the recommended 30 days value.
  5. Select Continue.
  6. Select Apply immediately.
  7. On the confirmation page, select Modify DB instance to save your changes and enable automated backups.

Using AWS CLI -

  1. Use the command 'modify-db-instance' with the following parameters:
    a. --db-instance-identifier
    b. --backup-retention-period
    c. --apply-immediately
    This will enable automated backups for AWS RDS instances.
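
The following is an added example, not part of the original policy page: it audits output shaped like `aws rds describe-db-instances` and builds the modify-db-instance call from the steps above for each instance that needs it. The sample JSON and instance names are constructed, the function names are hypothetical, and the BELOW_RECOMMENDED status is an assumption that reuses the 30-day value from the console steps.

```python
import json
import shlex

RECOMMENDED_DAYS = 30  # retention value the console steps above recommend

# Constructed sample shaped like `aws rds describe-db-instances` output;
# the instance names are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = """
{
  "DBInstances": [
    {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 0},
    {"DBInstanceIdentifier": "billing-prod", "BackupRetentionPeriod": 7},
    {"DBInstanceIdentifier": "reports-prod", "BackupRetentionPeriod": 30}
  ]
}
"""


def audit_backups(describe_json, recommended_days=RECOMMENDED_DAYS):
    """Classify each instance by its automated-backup retention setting."""
    findings = []
    for inst in json.loads(describe_json).get("DBInstances", []):
        name = inst["DBInstanceIdentifier"]
        # A retention period of 0 means automated backups are disabled;
        # a missing field is treated as disabled so it is never skipped.
        days = int(inst.get("BackupRetentionPeriod") or 0)
        if days == 0:
            status = "DISABLED"
        elif days < recommended_days:
            status = "BELOW_RECOMMENDED"
        else:
            status = "OK"
        findings.append({"instance": name, "days": days, "status": status})
    return findings


def remediation_command(instance_id, days=RECOMMENDED_DAYS):
    """Build the modify-db-instance call from the CLI steps above."""
    return (
        "aws rds modify-db-instance"
        f" --db-instance-identifier {shlex.quote(instance_id)}"
        f" --backup-retention-period {int(days)}"
        " --apply-immediately"
    )


if __name__ == "__main__":
    for f in audit_backups(SAMPLE_DESCRIBE_OUTPUT):
        print(f"{f['status']:<18} {f['instance']} ({f['days']} days)")
        if f["status"] != "OK":
            print("  fix:", remediation_command(f["instance"]))
```

Review each generated command before running it, since --apply-immediately applies the change without waiting for the next maintenance window.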

In Terraform -

  1. In the aws_db_instance resource, set the backup_retention_period to a positive numeric value.
  2. Optional: set a backup_window in UTC time.

References:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#backup_retention_period

Policy Details

Rule Reference ID: AC_AWS_0052
CSP: AWS
Remediation Available: Yes
Resource: aws_db_instance
Resource Category: Database
Resource Type: DB Instance

Frameworks