Description:

This policy ensures that all Amazon Relational Database Service (RDS) instances have a storage and a backup retention policy in place. This helps to protect your data in the event of a database failure or corruption.

Rationale:

Having a storage and a backup retention policy in place helps to protect your data from loss or corruption. The storage policy ensures that your database has enough space to store your data, and the backup retention policy ensures that you can restore your database to a previous point in time if necessary.

Impact:

If you do not have a storage and a backup retention policy in place, you may lose your data if your database fails or becomes corrupted. This could have a significant impact on your business, as you may not be able to access your data or recover from a disaster.

Default Value:

The default backup retention period for RDS instances is 7 days. However, you should consider increasing this period to 35 days or more, depending on your business needs.

Pre-requisites:

  • You must have access to the Amazon RDS console.
  • You must have the AWS CLI installed and configured.

Remediation Steps:

  1. Log in to the Amazon RDS console.
  2. Select the RDS instance that you want to modify.
  3. Click the Modify button.
  4. In the Backup section, select a backup retention period of 35 days or more.
  5. Click Continue.

Test Plan:

  1. Verify that the backup retention period for the RDS instance has been updated to 35 days or more.
  2. Verify that you can restore the RDS instance to a previous point in time by using the backup retention policy.

Implementation Plan:

  1. Create a new AWS IAM policy that allows users to modify the backup retention period for RDS instances.
  2. Attach the new policy to the IAM users who need to be able to modify the backup retention period for RDS instances.
  3. Update the backup retention period for all RDS instances to 35 days or more.

AWS CLI Process:

aws rds modify-db-instance --db-instance-identifier my-rds-instance --backup-retention-period 35
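
To carry out step 1 of the Test Plan across many instances, the sketch below reads the JSON printed by aws rds describe-db-instances and lists every instance whose BackupRetentionPeriod is under the 35-day target, together with the modify-db-instance command shown above. It is an added example, not part of the original policy; the function names and the sample instance names are constructed for illustration.

```python
import json
import shlex

TARGET_DAYS = 35  # retention period this policy asks for

# Constructed sample in the shape of `aws rds describe-db-instances` output.
SAMPLE = """
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db",  "BackupRetentionPeriod": 35},
  {"DBInstanceIdentifier": "reports-db", "BackupRetentionPeriod": 7},
  {"DBInstanceIdentifier": "scratch-db", "BackupRetentionPeriod": 0},
  {"DBInstanceIdentifier": "legacy-db"}
]}
"""

def classify(instance, target=TARGET_DAYS):
    """Return the compliance state of one DBInstances entry."""
    days = instance.get("BackupRetentionPeriod")
    if isinstance(days, bool) or not isinstance(days, int):
        return "unknown"        # field missing or malformed: review by hand
    if days == 0:
        return "disabled"       # 0 turns automated backups off entirely
    if days < target:
        return "below-target"
    return "compliant"

def audit(describe_output, target=TARGET_DAYS):
    """Return (identifier, state, days) for every non-compliant instance."""
    findings = []
    for inst in json.loads(describe_output).get("DBInstances", []):
        state = classify(inst, target)
        if state != "compliant":
            name = inst.get("DBInstanceIdentifier", "<unnamed>")
            findings.append((name, state, inst.get("BackupRetentionPeriod")))
    return findings

def remediation_commands(findings, target=TARGET_DAYS):
    """Build the page's CLI command for each finding with a known state."""
    return [
        "aws rds modify-db-instance --db-instance-identifier "
        f"{shlex.quote(name)} --backup-retention-period {target}"
        for name, state, _ in findings
        if state != "unknown"
    ]

if __name__ == "__main__":
    results = audit(SAMPLE)
    for name, state, days in results:
        print(f"{name}: {state} (BackupRetentionPeriod={days})")
    for cmd in remediation_commands(results):
        print(cmd)
```

To run it against a real account, replace SAMPLE with the saved output of aws rds describe-db-instances --output json.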

Using AWS GUI:

  1. Log in to the Amazon RDS console.
  2. Select the RDS instance that you want to modify.
  3. Click the Modify button.
  4. In the Backup section, select a backup retention period of 35 days or more.
  5. Click Continue.

Backout Plan:

  1. Restore the backup retention period for the RDS instance to the default value of 7 days.
  2. Delete the AWS IAM policy that allows users to modify the backup retention period for RDS instances.

Note:

  • You can also use the Amazon RDS API to modify the backup retention period for RDS instances.
  • For more information, see the Amazon RDS documentation: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html

Reference:

  • Amazon RDS documentation: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html

Tags and Keywords:

  • rds
  • backup
  • retention
  • policy
  • disaster recovery
  • compliance