More Info:

This rule checks if a recovery point was created for Amazon Elastic Compute Cloud (Amazon EC2) instances. The rule is NON_COMPLIANT if the Amazon EC2 instance does not have a corresponding recovery point created within the specified time period.

Risk Level

High

Address

Configuration

Compliance Standards

CBP

Triage and Remediation

Remediation

To remediate the misconfiguration of an AWS EC2 instance that has no recovery point, set up automated backups using AWS Backup. The following step-by-step guide shows how to do this from the AWS Management Console:

  1. Log in to the AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in to your AWS account.

  2. Navigate to AWS Backup: In the AWS Management Console, search for “AWS Backup” in the services search bar and click on the AWS Backup service.

  3. Create a Backup Plan:
    • Click on “Backup plans” in the left-hand navigation pane.
    • Click on the “Create backup plan” button.
    • Enter a name for your backup plan and, optionally, a description.
    • Under “Backup rule”, click on “Add rule”.
    • Configure the backup rule settings, such as:
      • Backup frequency (e.g., daily)
      • Backup window
      • Lifecycle (how long to retain backups)
      • Backup vault (where to store the backups)
    • Click “Create plan” to save the backup plan.

  4. Assign the Backup Plan to the EC2 Instance:
    • Go back to the AWS Backup console home page.
    • Click on “Protected resources” in the left-hand navigation pane.
    • Click on the “Add resource” button.
    • Select “EC2” as the resource type.
    • Select the specific EC2 instance(s) that you want to include in the backup plan.
    • Click “Add resource” to save the configuration.

  5. Monitor Backups:
    • You can monitor the backups and their status under the “Protected resources” and “Backup plans” sections in the AWS Backup console.
    • You can also set up notifications for backup events by configuring Amazon CloudWatch Events.

By following these steps, you have successfully remediated the misconfiguration of not having a recovery point for your AWS EC2 instance by setting up automated backups using AWS Backup.
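As an added example (not part of the original page and not AWS-provided code), the script below shows the same remediation expressed as API documents rather than console clicks, plus the check the rule performs. `build_backup_plan` produces the backup-plan document for step 3 (daily schedule, backup window, retention lifecycle, target vault), `build_ec2_selection` produces the resource assignment for step 4, and `evaluate_instance` returns COMPLIANT or NON_COMPLIANT depending on whether a COMPLETED recovery point exists within the allowed age, which is how you would monitor the result in step 5. The vault name `Default`, the `AWSBackupDefaultServiceRole` role, the account ID, the instance ID and the 24-hour threshold are assumptions chosen for illustration; `apply_with_boto3` is only invoked when you run the script against a real account with boto3 installed and credentials configured.

```python
"""Build an AWS Backup plan/selection for EC2 and evaluate recovery-point age.

Added example; the plan/selection shapes follow the AWS Backup API
(CreateBackupPlan / CreateBackupSelection). All identifiers are constructed.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample identifiers (not real resources).
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"
INSTANCE_ARN = f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:instance/i-0123456789abcdef0"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/service-role/AWSBackupDefaultServiceRole"
MAX_RECOVERY_POINT_AGE_HOURS = 24  # assumed "specified time period" for the rule


def build_backup_plan(name, schedule="cron(0 5 ? * * *)", vault="Default", retain_days=35):
    """Step 3: one daily rule with a start/completion window and a retention lifecycle."""
    return {
        "BackupPlanName": name,
        "Rules": [
            {
                "RuleName": "DailyEC2Backup",
                "TargetBackupVaultName": vault,          # where recovery points are stored
                "ScheduleExpression": schedule,           # daily at 05:00 UTC
                "StartWindowMinutes": 60,                 # backup window: must start within 1h
                "CompletionWindowMinutes": 180,           # and finish within 3h
                "Lifecycle": {"DeleteAfterDays": retain_days},
            }
        ],
    }


def build_ec2_selection(name, role_arn, instance_arns):
    """Step 4: assign specific EC2 instances to the plan via an IAM role AWS Backup assumes."""
    return {"SelectionName": name, "IamRoleArn": role_arn, "Resources": list(instance_arns)}


def evaluate_instance(recovery_points, max_age_hours, now=None):
    """Step 5 / the rule's check: COMPLIANT only if a COMPLETED recovery point is recent enough.

    `recovery_points` has the shape of ListRecoveryPointsByResource items
    (keys 'Status' and 'CreationDate' are all we need).
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(hours=max_age_hours)
    recent = [
        rp for rp in recovery_points
        if rp.get("Status") == "COMPLETED" and rp["CreationDate"] >= cutoff
    ]
    return "COMPLIANT" if recent else "NON_COMPLIANT"


def demo_evaluation():
    """Run the check over constructed recovery-point lists and return the verdicts."""
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # fixed clock for reproducibility
    cases = {
        "fresh": [{"Status": "COMPLETED", "CreationDate": now - timedelta(hours=5)}],
        "stale": [{"Status": "COMPLETED", "CreationDate": now - timedelta(days=3)}],
        "failed_only": [{"Status": "PARTIAL", "CreationDate": now - timedelta(hours=1)}],
        "none": [],
    }
    return {k: evaluate_instance(v, MAX_RECOVERY_POINT_AGE_HOURS, now=now) for k, v in cases.items()}


def apply_with_boto3(plan_doc, selection_doc, region=REGION):
    """Create the plan and selection in a real account. Requires boto3 and credentials."""
    import boto3  # imported lazily so the pure functions above run without the SDK

    backup = boto3.client("backup", region_name=region)
    plan = backup.create_backup_plan(BackupPlan=plan_doc)
    backup.create_backup_selection(BackupPlanId=plan["BackupPlanId"], BackupSelection=selection_doc)
    return plan["BackupPlanId"]


if __name__ == "__main__":
    plan = build_backup_plan("ec2-daily-backup")
    selection = build_ec2_selection("ec2-instances", ROLE_ARN, [INSTANCE_ARN])
    print(plan)
    print(selection)
    print(demo_evaluation())
    # Uncomment to apply against your account:
    # print(apply_with_boto3(plan, selection))
```

The evaluation deliberately ignores recovery points whose status is not COMPLETED: a PARTIAL or FAILED job leaves the instance without a restorable copy, so counting it would hide exactly the gap this rule is meant to surface.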