Profile Applicability:

  • Level 1

Description:

Amazon Neptune provides automatic backups that can be retained for a configurable number of days. It is recommended that Neptune DB clusters have a Backup Retention Period of at least 7 days to ensure that data can be restored in case of accidental deletion, corruption, or other data loss events.

Rationale:

  • Disaster Recovery: Having a sufficient backup retention period ensures that data can be restored if accidental deletions or failures occur.

  • Data Integrity: Longer backup retention allows for recovery from data corruption issues that might not be detected immediately.

  • Compliance: Many industry standards and regulations require a minimum backup retention period (e.g., SOC 2, ISO 27001).

  • Operational Resilience: Maintaining backups over several days enhances the ability to roll back to a known-good state.

Impact:

Pros:

  • Ensures data availability for longer periods.

  • Supports disaster recovery and business continuity plans.

  • Helps in adhering to compliance and regulatory requirements.

Cons:

  • Increased Storage Costs: Longer retention periods may lead to higher backup storage costs.

  • Resource Management: Managing a larger set of backups might require additional operational oversight.

Default Value:

  • The default Backup Retention Period for Neptune DB clusters is 1 day.

Pre-Requisites:

  • AWS IAM permissions:

    • neptune:DescribeDBClusters

    • neptune:ModifyDBCluster

  • AWS CLI installed and configured.

  • Access to the AWS Management Console.

Remediation:

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon Neptune service.

 

  1. In the left navigation pane, click on Databases → DB Clusters.

         

  1. Select the Neptune DB cluster you want to check.

     

  1. Under the Configuration tab, find Backup Retention Period.

    • Pass: If the retention period is 7 days or more.

    • Fail: If the retention period is less than 7 days.

       

Using AWS CLI:

List Neptune DB Clusters:

aws neptune describe-db-clusters --region <region> --query 'DBClusters[*].{DBClusterIdentifier:DBClusterIdentifier,BackupRetentionPeriod:BackupRetentionPeriod}'

Example output:

[

  {

    "DBClusterIdentifier": "my-neptune-cluster",

    "BackupRetentionPeriod": 1

  }

]

  • Pass: If "BackupRetentionPeriod" is 7 or higher.

  • Fail: If "BackupRetentionPeriod" is less than 7.

Implementation Steps:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon Neptune.

  

  1. Go to DB Clusters and select the cluster to modify.

   

  1. Click on Modify Cluster.

     

  1. In the Backup section, set Backup Retention Period to 7 or more days.

       

  1. Review your changes and click Continue.

 

  1. Select Apply Immediately or schedule the changes during the next maintenance window.

 

  1. Click Modify Cluster.

Using AWS CLI:

Set Backup Retention Period to 7 Days

aws neptune modify-db-cluster \
--db-cluster-identifier <db-cluster-identifier> \
--backup-retention-period 7 \
--apply-immediately \
--region <region>

Verify the Changes:

aws neptune describe-db-clusters --region <region> \

--query 'DBClusters[*].{DBClusterIdentifier:DBClusterIdentifier,BackupRetentionPeriod:BackupRetentionPeriod}'

Expected output:

[
  {
    "DBClusterIdentifier": "my-neptune-cluster",

    "BackupRetentionPeriod": 7
  }
]


Backout Plan:

If the change causes unintended issues or if a different backup retention period is needed:

  1. Go to Amazon Neptune → DB Clusters.

  2. Select the cluster and choose Modify Cluster.

  3. Set Backup Retention Period back to the previous value.

  4. Apply the changes immediately or during the next maintenance window.

References:

  1. Amazon Neptune Documentation

  2. AWS CLI Neptune Documentation

  3. Managing Amazon Neptune Backups