More Info:

This rule checks if Amazon Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup. The rule is NON_COMPLIANT if EFS file systems are not included in the backup plans.

Risk Level

Medium

Address

Configuration

Compliance Standards

CBP,SEBI,RBI_MD_ITF,RBI_UCB

Remediation

Using Console

To remediate the misconfiguration of Elastic File System (EFS) not being included in the backup plan for AWS EC2 instances, you can follow these steps using the AWS Management Console:

  1. Create an EFS Backup Plan:

    • Go to the AWS Management Console and navigate to the AWS Backup service.
    • Click on “Create backup plan” and provide a name for your backup plan.
    • Select the resources you want to include in the backup plan, in this case, select the Elastic File System (EFS) that you want to backup.
    • Configure the backup settings such as backup frequency, retention period, and backup window according to your requirements.
    • Review and create the backup plan.

  2. Associate EC2 Instances with the Backup Plan:

    • Go to the AWS Backup service in the AWS Management Console.
    • Click on “Protected resources” and then “Add resource”.
    • Select the EC2 instances that are using the EFS that you want to backup.
    • Associate these EC2 instances with the backup plan you created in the previous step.

  3. Verify Backup Configuration:

    • Once the backup plan is created and EC2 instances are associated with it, verify that the EFS is now included in the backup plan.
    • Check the backup schedule and retention period to ensure that it meets your backup requirements.

By following these steps, you have successfully remediated the misconfiguration of not including Elastic File System (EFS) in the backup plan for AWS EC2 instances. This will help ensure that your EFS data is backed up regularly and can be restored in case of any data loss or corruption.

Using CLI

To remediate the misconfiguration of Elastic File System (EFS) not being included in the backup plan for AWS EC2 instances using AWS CLI, you can follow these steps:

  1. Create an EFS Backup Plan:

    • Use the following AWS CLI command to create a backup plan for the EFS file system: 
      aws backup create-backup-plan --backup-plan '{"BackupPlanName": "EFSBackupPlan", "BackupPlanRule": {"RuleName": "EFSBackupRule", "TargetBackupVaultName": "MyBackupVault", "ScheduleExpression": "cron(0 12 * * ? *)"}}'
    • In the above command, replace MyBackupVault with the name of your existing backup vault.

  2. Assign EFS to Backup Plan:

    • Associate the EFS file system with the backup plan created in the previous step using the following AWS CLI command: 
      aws backup associate-file-systems --backup-plan-id <BackupPlanId> --file-system-arns <EFSFileSystemARN>
    • Replace <BackupPlanId> with the ID of the backup plan created in step 1 and <EFSFileSystemARN> with the ARN of the EFS file system that needs to be included in the backup plan.

  3. Verify Backup Plan:

    • Check the backup plan to ensure that the EFS file system is included in the backup schedule using the following AWS CLI command: 
      aws backup get-backup-plan --backup-plan-id <BackupPlanId>
    • Verify that the EFS file system is listed under the resources included in the backup plan.

By following these steps, you can remediate the misconfiguration of not having the Elastic File System included in the backup plan for AWS EC2 instances using AWS CLI.

Using Python

To remediate the misconfiguration of Elastic File System not being included in the backup plan for AWS EC2 using Python, you can follow these steps:

  1. Import necessary libraries: First, you need to import the required Python libraries to interact with AWS services. You can use the boto3 library for this purpose.
import boto3
  1. Initialize AWS client: Create an AWS client for the EC2 service using boto3.
ec2_client = boto3.client('ec2')
  1. Get EFS file system ID: Retrieve the EFS file system ID that needs to be included in the backup plan. You can either provide this ID as input or fetch it programmatically.
efs_file_system_id = 'fs-12345678'  # Replace with your EFS file system ID
  1. Create a backup plan: Define a backup plan that includes the EFS file system for backup. You can specify the backup schedule, retention policy, etc., as per your requirements.
backup_client = boto3.client('backup')

response = backup_client.create_backup_plan(
    BackupPlan={
        'BackupPlanName': 'EFS-Backup-Plan',
        'Rules': [
            {
                'RuleName': 'EFS-Backup-Rule',
                'TargetBackupVaultName': 'MyBackupVault',
                'ScheduleExpression': 'cron(0 0 * * ? *)',  # Daily backup at midnight
                'StartWindowMinutes': 60,
                'CompletionWindowMinutes': 60,
                'Lifecycle': {
                    'DeleteAfterDays': 30  # Retention period
                }
            }
        ]
    }
)
  1. Add EFS file system to the backup plan: Associate the EFS file system with the backup plan created in the previous step.
response = backup_client.associate_file_system(
    BackupPlanId=response['BackupPlanId'],
    FileSystemId=efs_file_system_id
)
  1. Verify the backup plan: You can verify the backup plan settings and ensure that the EFS file system is included in the plan.
response = backup_client.get_backup_plan(
    BackupPlanId=response['BackupPlanId']
)

print(response)

By following these steps, you can remediate the misconfiguration of not including the Elastic File System in the backup plan for AWS EC2 using Python.