Profile Applicability:

  • Level 1

Description:
 Enabling backup and recovery for AWS-managed database services such as RDS, QLDB, and DocumentDB ensures that data can be restored in the event of accidental deletion, corruption, or other disruptions. AWS supports automated backups and manual snapshots to safeguard critical data.

Rationale:
 A well-configured backup and recovery strategy ensures data resilience and continuity. It minimizes downtime and data loss by allowing point-in-time recovery, and it supports compliance with business continuity and regulatory requirements.

Impact:
 Pros:

  • Enables restoration of databases in case of data loss

  • Supports point-in-time recovery for operational continuity

  • Helps meet compliance and regulatory needs

Cons:

  • Additional storage cost for backups

  • Requires regular validation and periodic testing of restore processes

Default Value:
 Automated backups are disabled by default unless configured during instance creation.

Pre-requisites:

  • IAM permissions to modify database instances

  • Running instance of an AWS-managed database

  • Defined backup retention policy

Remediation

Test Plan

Using AWS Console:

  1. Sign in to the AWS Console

  2. Navigate to Amazon RDS > Databases

  3. Select the target DB instance

  4. Click Modify

  5. Scroll to the Backup section

  6. Check if Enable automated backups is selected

  7. Confirm the backup retention period is greater than 0

  8. Verify presence of recent snapshots under Snapshots

Using AWS CLI:

  1. Check backup retention period:

    aws rds describe-db-instances --db-instance-identifier <your-db-instance-id> --query "DBInstances[*].BackupRetentionPeriod"

  2. List existing snapshots:

    aws rds describe-db-snapshots --db-instance-identifier <your-db-instance-id>
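
The two CLI checks above can be evaluated together across every instance in an account. The following is an added example, not part of the original benchmark text: it reads JSON in the shape returned by describe-db-instances and describe-db-snapshots and reports instances that fail either check. The sample data, the function name audit_backups and the two-day threshold for a "recent" snapshot are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data in the shape returned by
# `aws rds describe-db-instances` and `aws rds describe-db-snapshots`.
SAMPLE_INSTANCES = json.loads("""{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "BackupRetentionPeriod": 7},
  {"DBInstanceIdentifier": "legacy-db", "BackupRetentionPeriod": 0},
  {"DBInstanceIdentifier": "reports-db", "BackupRetentionPeriod": 1}
]}""")
SAMPLE_SNAPSHOTS = json.loads("""{"DBSnapshots": [
  {"DBInstanceIdentifier": "orders-db", "Status": "available",
   "SnapshotCreateTime": "2024-05-09T01:12:00+00:00"},
  {"DBInstanceIdentifier": "reports-db", "Status": "available",
   "SnapshotCreateTime": "2024-04-01T01:05:00+00:00"},
  {"DBInstanceIdentifier": "legacy-db", "Status": "creating"}
]}""")

def audit_backups(instances, snapshots, now, max_age_days=2):
    """Return {instance_id: [findings]}; max_age_days is an assumed 'recent' threshold."""
    cutoff = now - timedelta(days=max_age_days)
    newest = {}
    for snap in snapshots.get("DBSnapshots", []):
        # Snapshots still being created cannot be restored from yet.
        if snap.get("Status") != "available" or "SnapshotCreateTime" not in snap:
            continue
        created = datetime.fromisoformat(snap["SnapshotCreateTime"])
        db_id = snap["DBInstanceIdentifier"]
        if db_id not in newest or created > newest[db_id]:
            newest[db_id] = created
    findings = {}
    for inst in instances.get("DBInstances", []):
        db_id = inst["DBInstanceIdentifier"]
        problems = []
        if inst.get("BackupRetentionPeriod", 0) <= 0:
            problems.append("automated backups disabled (retention period 0)")
        if db_id not in newest:
            problems.append("no available snapshot")
        elif newest[db_id] < cutoff:
            problems.append(f"newest snapshot older than {max_age_days} days")
        if problems:
            findings[db_id] = problems
    return findings

if __name__ == "__main__":
    now = datetime(2024, 5, 10, tzinfo=timezone.utc)  # fixed for the sample
    for db_id, problems in audit_backups(SAMPLE_INSTANCES, SAMPLE_SNAPSHOTS, now).items():
        print(db_id, "->", "; ".join(problems))
```

To audit a real account, save the output of both commands (run without --db-instance-identifier to cover all instances) and pass the parsed JSON to audit_backups with the current UTC time.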

Implementation Plan

Using AWS Console:

  1. Sign in to the AWS Console

  2. Navigate to Amazon RDS > Databases

  3. Select the DB instance and click Modify

  4. Scroll to the Backup section

  5. Set Enable automated backups to Yes

  6. Set the Backup retention period (1–35 days)

  7. (Optional) Set the preferred backup window

  8. Click Continue, then Apply Immediately

Using AWS CLI:

  1. Enable backups and set retention period:

    aws rds modify-db-instance --db-instance-identifier <your-db-instance-id> --backup-retention-period 7 --apply-immediately

  2. Set preferred backup window (optional):

    aws rds modify-db-instance --db-instance-identifier <your-db-instance-id> --preferred-backup-window 01:00-02:00 --apply-immediately

  3. Create a manual snapshot:

    aws rds create-db-snapshot --db-instance-identifier <your-db-instance-id> --db-snapshot-identifier <snapshot-id>

Backout Plan

Using AWS Console:

  1. Navigate to Amazon RDS > Databases

  2. Select the DB instance and click Modify

  3. Scroll to the Backup section

  4. Set Enable automated backups to No

  5. Set Backup retention period to 0

  6. Click Continue, then Apply Immediately

Using AWS CLI:

  1. Disable automated backups:

    aws rds modify-db-instance --db-instance-identifier <your-db-instance-id> --backup-retention-period 0 --apply-immediately
