iCompaas Support

Profile Applicability:

• Level 1

Description:

FSx file systems can be configured to copy tags from the file system to backups created from it. This ensures consistency in resource tracking and management, making it easier to identify and manage backups in line with the associated FSx file system.

Rationale:

Copying tags to backups ensures that the backups are properly organized and categorized, simplifying auditing, billing, and access control. It also ensures that the resources can be tracked effectively for management and compliance purposes.

Impact:

• Positive Impact: Improves the visibility and tracking of backups for FSx file systems.

• Negative Impact: Minimal impact if not configured. It just requires manually tagging backups separately.

Default Value:

By default, FSx file systems do not automatically copy tags to backups. This setting must be enabled manually.

Pre-Requisite:

• AWS Account Access: Ensure you have the necessary permissions to view and update FSx file systems and backups.

• IAM Permissions: You must have permission to view and update resource tags for FSx resources.

Remediation:

Test Plan

Using AWS Console:

1. Sign in to the AWS Management Console.

2. Navigate to the Amazon FSx Console at https://console.aws.amazon.com/fsx/.

3. In the left panel, click on File systems.

4. Select the FSx file system for which you want to check the backup configuration.

5. Check the Backup Configuration section.

6. If the option to Copy tags to backups is not enabled, click Edit and enable this option.           

7. Save the changes.

Using AWS CLI:

1. Run the following command to check if tags are being copied to backups for a specific FSx file system:

aws fsx describe-backups --file-system-id fs-0123456789abcdef0 --query 'Backups[*].Tags'

2. If the output does not show tags being copied to backups, run the following command to enable the feature:

aws fsx update-backup --file-system-id fs-0123456789abcdef0 --copy-tags-to-backups

Implementation Steps:

Using AWS Console:

1. Sign in to the AWS Management Console.

2. Navigate to the Amazon FSx Console at https://console.aws.amazon.com/fsx/.

3. Choose File systems from the left navigation panel.

4. Select the FSx file system.

5. Locate the Backup Configuration section and ensure that Copy tags to backups is enabled.

6. If not enabled, click Edit and enable the option.

7. Save the changes.

Using AWS CLI:

1. Run the following command to list the backups for the FSx file system:

aws fsx describe-backups --file-system-id fs-0123456789abcdef0 --query 'Backups[*].Tags'

2. To configure the file system to copy tags to backups, run the following command:

aws fsx update-backup --file-system-id fs-0123456789abcdef0 --copy-tags-to-backups

Backout Plan:

Using AWS Management Console:

1. Sign in to the AWS Management Console.

2. Navigate to Amazon FSx > File Systems.

3. Select the file system for which the "Copy Tags to Backups" setting was enabled.

4. Under the Tags or Settings section, locate the "Copy Tags to Backups" option.

5. Disable the "Copy Tags to Backups" setting by unchecking the relevant box or toggling the option off.

6. Save the changes to revert the configuration.

Using AWS CLI:

Retrieve the current configuration of the FSx file system:

aws fsx describe-file-systems --file-system-id <file-system-id>

Update the file system to disable the "Copy Tags to Backups" setting:

aws fsx update-file-system \
--file-system-id <file-system-id> \
--no-copy-tags-to-backups

1. Verify the updated configuration:

   aws fsx describe-file-systems --file-system-id <file-system-id

References:

• AWS FSx Documentation

• Amazon FSx Console User Guide

CIS Controls Mapping: