Description:

Amazon FSx for Windows File Server provides fully managed, highly reliable, and scalable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol. It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration. It offers single-AZ and multi-AZ deployment options, fully managed backups, and encryption of data at rest and in transit.


Rationale:

Amazon FSx for Windows file system backups are block-based, incremental backups, whether they are generated by the automatic daily backup or by the user-initiated backup feature. This means that when you take a backup, Amazon FSx compares the data on your file system to your previous backup at the block level.


Impact:

Amazon FSx can take an automatic daily backup of your file system. These automatic daily backups occur during the daily backup window that was established when you created the file system.


Default value:

By default, FSx backup is enabled and the retention period is set to 7 days.


Audit:

  1. Sign in to AWS Management Console.

  2. Go to the Amazon FSx service at https://console.aws.amazon.com/fsx/.

  3. Click on File systems in the left navigation pane.

  4. Click on the file system and select the Backups tab (make sure you are selecting an FSx for Windows file system).
    If it shows that automatic backups are disabled, the selected file system has no backups.


Via CLI:

aws fsx describe-file-systems \
  --region us-east-1 \
  --file-system-ids fs-0aabb1234ccdd1234
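
To check many file systems at once, the JSON returned by the command above can be evaluated with a short script. This is an added example, not part of the original control: the sample data is constructed, and the function name and the min_days policy threshold are assumptions. It relies on the FSx API fields FileSystemType and WindowsConfiguration.AutomaticBackupRetentionDays, where a value of 0 means automatic backups are disabled.

```python
import json
import sys

# Constructed sample shaped like `aws fsx describe-file-systems` output (not real resources).
SAMPLE = {"FileSystems": [
    {"FileSystemId": "fs-0aaaaaaaaaaaaaaa1", "FileSystemType": "WINDOWS",
     "WindowsConfiguration": {"AutomaticBackupRetentionDays": 0}},
    {"FileSystemId": "fs-0aaaaaaaaaaaaaaa2", "FileSystemType": "WINDOWS",
     "WindowsConfiguration": {"AutomaticBackupRetentionDays": 7,
                              "DailyAutomaticBackupStartTime": "01:00"}},
    {"FileSystemId": "fs-0aaaaaaaaaaaaaaa3", "FileSystemType": "WINDOWS",
     "WindowsConfiguration": {"AutomaticBackupRetentionDays": 3}},
    {"FileSystemId": "fs-0aaaaaaaaaaaaaaa4", "FileSystemType": "LUSTRE",
     "LustreConfiguration": {}},
]}


def audit_fsx_windows_backups(response, min_days=1):
    """Return one finding per FSx for Windows file system.

    min_days is a hypothetical policy threshold, not an AWS setting.
    """
    findings = []
    for fs in response.get("FileSystems", []):
        if fs.get("FileSystemType") != "WINDOWS":
            continue  # this control only covers FSx for Windows File Server
        cfg = fs.get("WindowsConfiguration") or {}
        days = cfg.get("AutomaticBackupRetentionDays")
        if days is None:
            status = "UNKNOWN"       # field absent: needs manual review
        elif days == 0:
            status = "DISABLED"      # retention of 0 turns automatic backups off
        elif days < min_days:
            status = "BELOW_POLICY"  # enabled, but shorter than the policy requires
        else:
            status = "OK"
        findings.append({"id": fs.get("FileSystemId"), "retention_days": days,
                         "window": cfg.get("DailyAutomaticBackupStartTime"),
                         "status": status})
    return findings


if __name__ == "__main__":
    # Pipe real CLI JSON output in; with no piped input the constructed sample is used.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    data = json.loads(raw) if raw.strip() else SAMPLE
    for f in audit_fsx_windows_backups(data, min_days=7):
        print(f"{f['status']:<13}{f['id']}  retention={f['retention_days']}  window={f['window']}")
```

Omitting --file-system-ids from the describe-file-systems call returns every file system in the region, so the whole region can be piped into the script in one pass.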


Remediation:

Pre-requisites:

  • Sign in as an admin or as an IAM user with the required permissions

  • At least one file system must exist


Implementation steps:

  1. Sign in to AWS Management Console.

  2. Go to the Amazon FSx service at https://console.aws.amazon.com/fsx/.

  3. Click on File systems in the left navigation pane.

  4. Click on the file system, select the Backups tab (make sure you are selecting an FSx for Windows file system), and click Update.

  5. Clicking Update opens the "Change backup window and retention period" wizard. Choose Yes, set the backup window (recommended: outside operational hours), and set the automatic backup retention period to between 1 and 90 days.

  6. Click Save.


Via CLI:

aws fsx update-file-system \
  --region us-east-1 \
  --file-system-id fs-0aabb1234ccdd1234 \
  --windows-configuration AutomaticBackupRetentionDays=14


Backout plan:

  1. Sign in to AWS Management Console.

  2. Go to the Amazon FSx service at https://console.aws.amazon.com/fsx/.

  3. Click on File systems in the left navigation pane.

  4. Click on the file system, select the Backups tab (make sure you are selecting an FSx for Windows file system), and click Update.

  5. In the "Change backup window and retention period" wizard that opens, choose No and click Save.

 

Reference:

https://aws.amazon.com/fsx/windows/