Amazon RDS
      Back to home
      1. CNS Policies
      2. AWS Knowledge Base
      3. Amazon RDS

      RDS Automated Backups Disabled

      Risk Level: MEDIUM

      Description:

      This plugin guarantees that RDS instances have automated backups enabled. AWS provides a simple technique for regularly backing up RDS instances. This should be enabled to allow for data recovery in the event of a database breach or hardware failure.


      Recommended Action: Enable automated backups for the RDS instance.

      About the Service :

      Amazon RDS (Amazon Relational Database Service) makes it simple to set up, run, and scale a relational database in the cloud. It offers scalable capacity at a low cost while automating time-consuming administrative activities including hardware provisioning, database setup, patching, and backups. 


      Impact: 

      Creating a "point-in-time" snapshot Periodically taking RDS instance snapshots will help you to manage your data restoration process more efficiently in the event of a user error on the source database, or to save data before making a large change to the instance database, such as changing the structure of a table.

      Steps to reproduce :

      1. Sign in to your AWS management console.
      2. Navigate to the RDS dashboard at: https://console.aws.amazon.com/rds/
      3. On the left navigation panel, under RDS Dashboard, select Databases.
      4. Select the RDS instance that you want to examine.
      5. Click on Maintainance and Backup.
      6. Search for Backup  section, and check for Automated Backup status:
      7. If the status is set to Disabled, then the RDS service will not take backups automatically.
      8. Repeat steps no. 4 – 7 for each RDS instance provisioned in the current region as well as in other AWS regions.


      Steps for remediation :

      1. .Sign in to your AWS management console.
      2. Navigate to the RDS dashboard at: https://console.aws.amazon.com/rds/
      3. On the left navigation panel, under RDS Dashboard, select Databases.
      4. Select the RDS instance that you want to examine and click on Modify.
      5. Scroll down to the Additional Configuration panel.
      6. In the Backup Retention Period dropdown list, select 7 days or the number of days you want to keep the backup for.
      7. Click on Continue.
      8. In the Scheduling of modifications panel, select Apply Immediately, and click on Modify DB Instance.
      9. Repeat steps no. 4 – 9 for each RDS instance provisioned in the current region as well as in other AWS regions.


      References: