Profile Applicability:
 Level 1

Description:
Backups help protect your data from accidental loss or database failure. With Amazon Aurora, you can enable automatic backups and specify a retention period. The backups include a daily snapshot of the entire DB instance and transaction logs.

Rationale:
 Configuring automatic backups with an appropriate retention period ensures recoverability in the event of data loss or corruption. It provides a reliable mechanism to restore database data to a known good state.

Impact:
 Without backups, recovery from data loss may not be possible. Enabling and configuring automated backups ensures data durability and helps meet recovery time objectives.

Default Value:
 By default, Aurora enables backups with a retention period of 7 days.

Pre-requisites:

  • Aurora DB instance must be deployed.

  • User must have AWS Console or CLI access with appropriate IAM permissions.

Remediation:

Test Plan

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon RDS Dashboard.

  3. Click on Databases, then select the desired Aurora DB instance.

  4. In the Details section, check the Backup retention period and Backup window.

  5. Ensure the Backup retention period is greater than 0.

Using AWS CLI:

  1. Run the following command to list the backup retention period for all DB instances:

    aws rds describe-db-instances --query 'DBInstances[*].{DBInstanceIdentifier:DBInstanceIdentifier, BackupRetentionPeriod:BackupRetentionPeriod}' --output table

  2. Verify that the BackupRetentionPeriod is greater than 0 for the specific DB instance you are auditing.
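
An added example (not part of the original benchmark text) that automates step 2 of the CLI test plan: it parses the JSON produced by `aws rds describe-db-instances --output json` and fails any Aurora instance whose BackupRetentionPeriod is 0 or missing. The function name, the `min_days` and `aurora_only` parameters, and the sample identifiers are assumptions made for illustration.

```python
import json
import sys

# Constructed sample shaped like `aws rds describe-db-instances --output json`;
# the identifiers are made up for illustration.
SAMPLE = """
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-aurora-1", "Engine": "aurora-mysql",
   "DBClusterIdentifier": "orders", "BackupRetentionPeriod": 7,
   "PreferredBackupWindow": "03:00-03:30"},
  {"DBInstanceIdentifier": "reports-aurora-1", "Engine": "aurora-postgresql",
   "DBClusterIdentifier": "reports", "BackupRetentionPeriod": 0},
  {"DBInstanceIdentifier": "legacy-aurora-1", "Engine": "aurora-mysql",
   "DBClusterIdentifier": "legacy"},
  {"DBInstanceIdentifier": "app-mysql-1", "Engine": "mysql",
   "BackupRetentionPeriod": 0}
]}
"""


def audit_backup_retention(describe_output, min_days=1, aurora_only=True):
    """Return (identifier, retention, status) for each audited instance.

    status is PASS when retention >= min_days, FAIL otherwise. A missing
    BackupRetentionPeriod is reported as FAIL rather than assumed compliant.
    """
    results = []
    for inst in json.loads(describe_output).get("DBInstances", []):
        if aurora_only and not inst.get("Engine", "").startswith("aurora"):
            continue  # skip non-Aurora engines when auditing this control
        retention = inst.get("BackupRetentionPeriod")
        ok = isinstance(retention, int) and retention >= min_days
        results.append(
            (inst["DBInstanceIdentifier"], retention, "PASS" if ok else "FAIL"))
    return results


def main():
    # Use piped CLI output when present, otherwise the constructed sample.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    results = audit_backup_retention(piped.strip() or SAMPLE)
    for name, retention, status in results:
        print(f"{status}  {name}  BackupRetentionPeriod={retention}")
    # Non-zero exit lets a scheduled job or pipeline fail on a finding.
    return 1 if any(status == "FAIL" for _, _, status in results) else 0


if __name__ == "__main__":
    sys.exit(main())
```

To audit a real account, pipe the CLI output into the script: `aws rds describe-db-instances --output json | python audit_backups.py` (the file name is an assumption).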

Implementation Plan

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon RDS > Databases.

  3. Select your Aurora DB instance.

  4. Click Modify.

  5. In the Backup section:

    • Set Backup retention period to 1–35 days.

    • Configure the Preferred backup window.

  6. Scroll to the bottom and select whether to Apply immediately or during the next maintenance window.

  7. Click Continue, then Modify DB Instance.

Using AWS CLI:

  1. Modify the DB instance to enable backups by setting a retention period:

    aws rds modify-db-instance --db-instance-identifier <your-db-instance-identifier> --backup-retention-period 7 --apply-immediately

  2. (Optional) Configure the preferred backup window (e.g., between 3:00 AM and 3:30 AM UTC):

    aws rds modify-db-instance --db-instance-identifier <your-db-instance-identifier> --preferred-backup-window 03:00-03:30 --apply-immediately

Backout Plan

Using AWS Console:

  1. Sign in to the AWS Console.

  2. Navigate to Amazon RDS > Databases.

  3. Select the same DB instance.

  4. Click Modify.

  5. In the Backup section, set the Backup retention period to 0.

  6. Click Continue, then Modify DB Instance.

Using AWS CLI:

  1. Set the backup retention period to 0 to disable automatic backups:

    aws rds modify-db-instance --db-instance-identifier <your-db-instance-identifier> --backup-retention-period 0 --apply-immediately
