Description:

Amazon Lustre is a fully managed service that provides cost-effective high-performance storage for compute workloads. The policy checks if FSx Lustre service has controlled access and its backup schedules are configured.


Remediation:

With Amazon FSx, backups are file-system-consistent, highly durable, and incremental. To ensure file system consistency, Amazon FSx uses the Volume Shadow Copy Service (VSS) in Microsoft Windows. To ensure high durability, Amazon FSx stores backups in Amazon Simple Storage Service (Amazon S3).


Creating Manual Backups

The following procedure guides you through how to create a user-initiated backup in the Amazon FSx console for an existing file system.


To create a manual file system backup

  1. Open the Amazon FSx console at https://console.aws.amazon.com/fsx/.
  2. From the console dashboard, choose the name of the file system that you want to back up.
  3. From Actions, choose Create backup.
  4. In the Create backup dialog box that opens, provide a name for your backup. Backup names can be a maximum of 256 Unicode characters, including letters, white space, numbers, and the special characters . + - = _ : /
  5. Choose Create backup.


You have now created your file system backup. You can find a table of all your backups in the Amazon FSx console by choosing Backups in the right side navigation. You can search for the name you gave your backup, and the table filters to only show matching results.


When you create a user-initiated backup as this procedure described, it has the type USER_INITIATED, and it has the CREATING status until it is fully available.


Automatic Daily Backups

By default, Amazon FSx takes an automatic daily backup of your file system. These automatic daily backups occur during the daily backup window that was established when you created the file system. At some point during the daily backup window, storage I/O might be suspended briefly while the backup process initializes (typically for less than a few seconds). When you choose your daily backup window, we recommend that you choose a convenient time of the day. This time ideally is outside of the normal operating hours for the applications that use the file system.


Automatic daily backups are kept for a certain period of time, known as a retention period. The default retention period for automatic daily backups is 7 days. You can set the retention period to be between 0–90 days. Setting the retention period to 0 (zero) days turns off automatic daily backups. Automatic daily backups are deleted when the file system is deleted.


Restoring Backups

You can use an available backup to create a new file system, effectively restoring a point-in-time snapshot of another file system. You can restore a backup using the console, AWS CLI, or one of the AWS SDKs. Restoring a backup to a new file system takes the same amount of time as creating a new file system. The data restored from the backup is lazy-loaded onto the file system, during which time you will experience slightly higher latency.


The following procedure guides you through how to restore a backup using the console to create a new file system.


To restore a file system from a backup

  1. Open the Amazon FSx console at https://console.aws.amazon.com/fsx/.
  2. From the console dashboard, choose Backups from the left side navigation.
  3. Choose the backup that you want to restore from the Backups table, and then choose Restore backup.
    Doing so opens the file system creation wizard. This wizard is identical to the standard file system creation wizard, except the Storage capacity is already set and can't be changed. However, you can change the throughput capacity, associated VPC, and other settings, and storage type. The storage type is set to SSD by default, but you can change it to HDD under the following conditions:
    The file system deployment type is Multi-AZ or Single-AZ 2.
        The storage capacity is at least 2,000 GiB.
  4. Complete the wizard as you do when you create a new file system.
  5. Choose Review and create.
  6. Review the settings you chose for your Amazon FSx file system, and then choose Create file system.


You have restored from a backup, and a new file system is now being created. When its status changes to AVAILABLE, you can use the file system as normal.


Deleting Backups

Deleting a backup is a permanent, unrecoverable action. Any data in a deleted backup is also deleted. Do not delete a backup unless you're sure you won't need that backup again in the future.


To delete a backup

  1. Open the Amazon FSx console at https://console.aws.amazon.com/fsx/.
  2. From the console dashboard, choose Backups from the right side navigation.
  3. Choose the backup that you want to delete from the Backups table, and then choose Delete backup.
  4. In the Delete backups dialog box that opens, confirm that the ID of the backup identifies the backup that you want to delete.
  5. Confirm that the check box is checked for the backup that you want to delete.
  6. Choose Delete backups.


Your backup and all included data are now permanently and unrecoverably deleted.


Reference:

    https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html