Description:

With Amazon FSx for Lustre, you can take automatic daily backups and user-initiated backups of persistent file systems that are not linked to an Amazon S3 durable data repository. Amazon FSx backups are file-system-consistent, highly durable, and incremental. To ensure high durability, Amazon FSx for Lustre stores backups in Amazon Simple Storage Service (Amazon S3) with 99.999999999% (11 9's) durability.


Rational:

Amazon FSx for Lustre file system backups are block-based, incremental backups, whether they are generated using the automatic daily backup or the user-initiated backup feature. This means that when you take a backup, Amazon FSx compares the data on your file system to your previous backup at the block level.


Impact:

Amazon FSx for Lustre can take an automatic daily backup of your file system. These automatic daily backups occur during the daily backup window that was established when you created the file system. 


Default value:

By default, FSx backup is enabled and the retention period is set to 7 days.


Audit:

  1. Sign in to AWS Management Console.

  2. Go to the Amazon FSx service at https://console.aws.amazon.com/fsx/.

  3. Click on File systems in the left navigation pane 

  4. Click on the File system and select Backups tab(make sure you are selecting FSx Luster type)

    If it shows Automatic backups are disabled it means selected file system’s have not Backups.


Via CLI:

aws fsx describe-file-systems
  --region us-east-1
  --file-system-ids fx-0aabb1234ccdd1234


Remediation:

Pre-requisites:

  • Sign in as admin or IAM user with required permissions

  • Need at least one Filesystem


Implementation steps:

  1. Sign in to AWS Management Console.

  2. Go to the Amazon FSx service at https://console.aws.amazon.com/fsx/.

  3. Click on File systems in the left navigation pane

  4. Click on the File system and select Backups tab(make sure you are selecting FSx Luster type) and click on the update

  5. By clicking on Update Change backup window and retention period wizard will open, choose yes, set the backup window(recommended to set window out of operational hours) and set the Automatic Backup Retention between 1 to 90 days 

  6. Click on save 


Via CLI:

aws fsx update-file-system --file-system-id fs-01234567890123456 --lustre-configuration AutomaticBackupRetentionDays=20


Backout plan:

  1. Sign in to AWS Management Console.

  2. Go to the Amazon FSx service at https://console.aws.amazon.com/fsx/.

  3. Click on File systems in the left navigation pane 

  4. Click on the File system and select the Backups tab(make sure you are selecting FSx Luster type) and click on the update

  5. Choose No in Change backup window and retention period wizard opened and click on save


Reference:

What is Amazon FSx for Lustre? - Amazon FSx for Lustre