More Info:

This rule checks if a recovery point was created for Amazon Elastic File System (Amazon EFS) File Systems. The rule is NON_COMPLIANT if the Amazon EFS File System does not have a corresponding Recovery Point created within the specified time period.

Risk Level

High

Address

Configuration

Compliance Standards

CBP,SEBI

Remediation

Using Console

To remediate the misconfiguration of Elastic File System (EFS) not having a recovery point in AWS, you can follow these steps using the AWS Management Console:

  1. Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in to your AWS account.

  2. Navigate to Elastic File System (EFS): In the AWS Management Console, navigate to the Elastic File System (EFS) service by either searching for it in the search bar or by locating it under the “Storage” category.

  3. Select the EFS File System: From the list of EFS file systems, select the EFS file system for which you want to enable recovery points.

  4. Enable Automatic Backups: In the EFS file system details page, click on the “Automatic backups” tab or option.

  5. Configure Backup Settings: In the Automatic backups settings, you can configure the backup frequency, retention period, and other settings as per your requirements. Ensure that you enable automatic backups and set a suitable retention period to have recovery points available for your EFS file system.

  6. Save Changes: Once you have configured the backup settings, click on the “Save” or “Update” button to apply the changes.

  7. Verify Configuration: Verify that automatic backups are enabled for your EFS file system by checking the backup status and configuration details.

By following these steps, you can remediate the misconfiguration of Elastic File System (EFS) not having a recovery point in AWS and ensure that you have recovery points available for your EFS file system to recover data in case of any issues or failures.

Using CLI

To remediate the misconfiguration of Elastic File System (EFS) not having a recovery point in AWS, you can create a backup or snapshot of the EFS file system. Here are the step-by-step instructions to remediate this issue using AWS CLI:

  1. Identify the EFS File System: First, you need to identify the EFS file system for which you want to create a recovery point. You can do this by listing all the EFS file systems in your AWS account using the following AWS CLI command:

    aws efs describe-file-systems

  2. Create a Recovery Point (Snapshot): Once you have identified the EFS file system, you can create a recovery point by taking a snapshot of the file system. Use the following AWS CLI command to create a snapshot of the EFS file system:

    aws efs create-backup --file-system-id <file-system-id>

    Replace <file-system-id> with the actual ID of the EFS file system you want to create a recovery point for.

  3. Monitor the Backup Progress: You can monitor the progress of the backup creation by describing the backup using the following AWS CLI command:

    aws efs describe-backup --backup-id <backup-id>

    Replace <backup-id> with the actual ID of the backup created in the previous step.

  4. Verify the Recovery Point: Once the backup creation is complete, you can verify the recovery point by listing all the backups of the EFS file system using the following AWS CLI command:

    aws efs describe-backups --file-system-id <file-system-id>

    Replace <file-system-id> with the actual ID of the EFS file system.

By following these steps, you can create a recovery point (snapshot) for the EFS file system in AWS using AWS CLI, thus remediating the misconfiguration of not having a recovery point for the EFS.

Using Python

To remediate the misconfiguration of Elastic File System (EFS) not having a recovery point in AWS EC2 using Python, you can follow these steps:

  1. Install Boto3: Boto3 is the AWS SDK for Python. You can install it using pip:

    pip install boto3

  2. Create a Recovery Point: You can create a recovery point for your EFS using the AWS Backup service. Below is a sample Python script that creates a backup plan and initiates a backup for an EFS file system.

import boto3

# Initialize the AWS service clients
backup_client = boto3.client('backup')

# Define the EFS file system ID for which you want to create a recovery point
efs_file_system_id = 'your_efs_file_system_id'

# Create a backup plan
response = backup_client.create_backup_plan(
    BackupPlan = {
        'BackupPlanName': 'EFS_Backup_Plan',
        'BackupPlanRule': {
            'RuleName': 'EFS_Backup_Rule',
            'TargetBackupVaultName': 'your_backup_vault_name',
            'ScheduleExpression': 'cron(0 0 * * ? *)'  # Daily backup at midnight
        }
    }
)

# Create a backup for the EFS file system
response = backup_client.start_backup_job(
    BackupVaultName = 'your_backup_vault_name',
    ResourceArn = f'arn:aws:elasticfilesystem:your_region:your_account_id:file-system/{efs_file_system_id}',
    RecoveryPointTags = {
        'Name': 'EFS_Recovery_Point'
    }
)

print('Recovery point created successfully.')

  1. Replace the placeholders:

    • Replace your_efs_file_system_id with the actual ID of your EFS file system.
    • Replace your_backup_vault_name with the name of your AWS Backup vault.
    • Update the ScheduleExpression in the backup plan as per your desired backup schedule.

  2. Run the Python script: Save the script to a file (e.g., create_recovery_point.py) and run it using Python:

    python create_recovery_point.py

By following these steps and running the Python script, you can create a recovery point for your EFS file system in AWS EC2.