Ensure that your RDS database instances have automated backups enabled for point-in-time recovery. To back up your database instances, AWS RDS automatically takes a full daily snapshot of your data (with transaction logs) during the specified backup window and keeps the backups for a limited period of time (known as the retention period) defined by the instance owner.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Periodically creating point-in-time RDS instance snapshots allows you to handle data restoration efficiently in the event of a user error on the source database, or to save data before making a major change to the instance database, such as changing the structure of a table.
Audit
To determine if your RDS database instances have automated backups enabled, perform the following:
Remediation / Resolution
To update your RDS instances configuration and enable automated backups, perform the following:
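An added example, not part of the original page or of the Cloud Conformity tool: a Python audit over the JSON returned by `aws rds describe-db-instances` that flags instances whose BackupRetentionPeriod is 0 (automated backups disabled) or below a minimum, and builds the matching `aws rds modify-db-instance` command. The sample response, the instance names and the 7-day minimum are constructed assumptions.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` JSON output.
SAMPLE_RESPONSE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 7,
   "PreferredBackupWindow": "03:00-03:30"},
  {"DBInstanceIdentifier": "legacy-reporting", "BackupRetentionPeriod": 0},
  {"DBInstanceIdentifier": "orders-replica", "BackupRetentionPeriod": 0,
   "ReadReplicaSourceDBInstanceIdentifier": "orders-prod"},
  {"DBInstanceIdentifier": "staging-db", "BackupRetentionPeriod": 1}
]}
""")

MIN_RETENTION_DAYS = 7  # assumed policy value, not taken from the page


def audit_backups(response, min_days=MIN_RETENTION_DAYS):
    """Return a finding for each instance retaining backups for < min_days."""
    findings = []
    for inst in response.get("DBInstances", []):
        days = int(inst.get("BackupRetentionPeriod") or 0)
        if days >= min_days:
            continue
        findings.append({
            "instance": inst["DBInstanceIdentifier"],
            "retention_days": days,
            # A retention period of 0 means automated backups are disabled.
            "status": "DISABLED" if days == 0 else "BELOW_POLICY",
            "read_replica": bool(inst.get("ReadReplicaSourceDBInstanceIdentifier")),
        })
    return findings


def remediation_command(finding, days=MIN_RETENTION_DAYS):
    """Build (but do not run) the AWS CLI call that sets the retention period."""
    if not 1 <= int(days) <= 35:  # RDS accepts 0-35 days; 0 disables backups
        raise ValueError("retention period must be between 1 and 35 days")
    return ("aws rds modify-db-instance --db-instance-identifier "
            f"{shlex.quote(finding['instance'])} "
            f"--backup-retention-period {int(days)} --apply-immediately")


if __name__ == "__main__":
    for f in audit_backups(SAMPLE_RESPONSE):
        print(f["status"], f["instance"], f["retention_days"], sep="\t")
        print("  fix:", remediation_command(f))
```

Without `--apply-immediately`, the change is deferred to the instance's next maintenance window.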
You are auditing:
RDS Automated Backups Enabled
Risk level: High