AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Elastic Compute Cloud Should Have Recovery Point
More Info:
This rule checks if a recovery point was created for Amazon Elastic Compute Cloud (Amazon EC2) instances. The rule is NON_COMPLIANT if the Amazon EC2 instance does not have a corresponding recovery point created within the specified time period.
Risk Level
High
Address
Configuration
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration of not having a recovery point for an AWS EC2 instance, you can set up automated backups using AWS Backup. Here is a step-by-step guide on how to do this using the AWS Management Console:
-
Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and login to your AWS account.
-
Navigate to AWS Backup: In the AWS Management Console, search for “AWS Backup” in the services search bar and click on the AWS Backup service.
-
Create a Backup Plan:
- Click on “Backup plans” in the left-hand navigation pane.
- Click on the “Create backup plan” button.
- Enter a name for your backup plan and a description (optional).
- Under “Backup rule”, click on “Add rule”.
- Configure the backup rule settings such as:
- Backup frequency (e.g., daily)
- Backup window
- Lifecycle (how long to retain backups)
- Backup vault (where to store the backups)
- Click “Create plan” to save the backup plan.
-
Assign Backup Plan to EC2 Instance:
- Go back to the AWS Backup console home page.
- Click on “Protected resources” in the left-hand navigation pane.
- Click on the “Add resource” button.
- Select “EC2” as the resource type.
- Select the specific EC2 instance(s) that you want to include in the backup plan.
- Click “Add resource” to save the configuration.
-
Monitor Backups:
- You can monitor the backups and their status under the “Protected resources” and “Backup plans” sections in the AWS Backup console.
- You can also set up notifications for backup events by configuring Amazon CloudWatch Events.
By following these steps, you have successfully remediated the misconfiguration of not having a recovery point for your AWS EC2 instance by setting up automated backups using AWS Backup.
To remediate the misconfiguration of not having a recovery point for an AWS EC2 instance using AWS CLI, follow these steps:
-
Create a Snapshot of the EC2 Instance Volume:
- Run the following AWS CLI command to create a snapshot of the EC2 instance volume:
Replace
aws ec2 create-snapshot --volume-id <VOLUME_ID>
<VOLUME_ID>
with the actual Volume ID of the EC2 instance.
- Run the following AWS CLI command to create a snapshot of the EC2 instance volume:
-
Tag the Snapshot (Optional but recommended):
- You can tag the snapshot for better organization. Run the following command to add tags to the snapshot:
Replace
aws ec2 create-tags --resources <SNAPSHOT_ID> --tags Key=Name,Value=<SNAPSHOT_NAME>
<SNAPSHOT_ID>
with the Snapshot ID generated in the previous step and<SNAPSHOT_NAME>
with a descriptive name for the snapshot.
- You can tag the snapshot for better organization. Run the following command to add tags to the snapshot:
-
Verify the Snapshot:
- You can verify the snapshot creation by running the following command:
Replace
aws ec2 describe-snapshots --snapshot-ids <SNAPSHOT_ID>
<SNAPSHOT_ID>
with the Snapshot ID obtained in step 1.
- You can verify the snapshot creation by running the following command:
-
Automate Snapshot Creation (Optional):
- To ensure regular snapshots are taken, you can set up a scheduled snapshot creation using AWS Lambda and CloudWatch Events.
By following these steps, you have successfully remediated the misconfiguration by creating a recovery point (snapshot) for the AWS EC2 instance using AWS CLI.
To remediate the misconfiguration of not having a Recovery Point for an AWS EC2 instance using Python, you can create a new Amazon Machine Image (AMI) of the EC2 instance. Follow these steps:
-
Install Boto3: Boto3 is the AWS SDK for Python. You can install it using pip:
pip install boto3
-
Create a new AMI: Use the following Python script to create a new AMI of the EC2 instance. Replace
INSTANCE_ID
with the ID of the EC2 instance for which you want to create a Recovery Point.import boto3 # Initialize the EC2 client ec2 = boto3.client('ec2') # Define the instance ID for which you want to create a Recovery Point INSTANCE_ID = 'YOUR_INSTANCE_ID' # Create a new AMI of the instance response = ec2.create_image( InstanceId=INSTANCE_ID, Name='Recovery-Point-Image', NoReboot=True # Set to True if you want to create the AMI without rebooting the instance ) # Print the response print(response)
-
Run the Python script: Save the above script in a Python file (e.g.,
create_ami.py
) and run it using the following command:python create_ami.py
-
Verify the AMI: Go to the AWS Management Console, navigate to the EC2 service, and check if a new AMI with the name ‘Recovery-Point-Image’ has been created. This AMI can be used to restore the EC2 instance to a previous state if needed.
By following these steps and running the Python script, you can create a Recovery Point for an AWS EC2 instance by creating a new Amazon Machine Image.