More Info:

This rule checks if a recovery point was created for Amazon FSx File Systems. The rule is NON_COMPLIANT if the Amazon FSx File System does not have a corresponding recovery point created within the specified time period.

Risk Level

High

Address

Configuration

Compliance Standards

CBP,SEBI

Remediation

Using Console

To remediate the misconfiguration of FSx not having a recovery point for AWS EC2 using the AWS console, follow these steps:

  1. Navigate to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/).

  2. Open Amazon FSx Console: Click on the “Services” dropdown menu at the top left corner, search for “FSx”, and click on “Amazon FSx”.

  3. Select FSx File System: In the Amazon FSx dashboard, select the FSx file system that you want to create a recovery point for by clicking on it.

  4. Create Recovery Point: In the FSx file system details page, navigate to the “Data repositories” tab and click on the “Create backup” button.

  5. Configure Backup: In the “Create backup” wizard, configure the backup settings such as backup type (daily or weekly), retention period, and preferred backup window.

  6. Review and Create: Review the backup settings to ensure they meet your requirements, then click on the “Create backup” button to initiate the creation of a recovery point for the FSx file system.

  7. Monitor Backup Progress: Monitor the progress of the backup creation in the Amazon FSx console. Once the backup is successfully created, you will have a recovery point for your FSx file system.

By following these steps, you have successfully remediated the misconfiguration of FSx not having a recovery point for your AWS EC2 instance using the AWS console.

Using CLI

To remediate the misconfiguration of FSx not having a recovery point for AWS EC2 using AWS CLI, you can follow these steps:

  1. Create a Backup for FSx File System:

    • Use the create-backup command to create a backup for the FSx file system. 
      aws fsx create-backup --file-system-id fs-1234567890abcdef0 --tags Key=Name,Value=Backup1
    • Replace fs-1234567890abcdef0 with the actual File System ID of your FSx file system.

  2. Verify Backup Status:

    • Use the describe-backups command to check the status of the backup. 
      aws fsx describe-backups --backup-ids backup-0abcdef1234567890
    • Replace backup-0abcdef1234567890 with the Backup ID of the backup created in the previous step.

  3. Enable Automatic Backups (Optional):

    • To ensure that automatic backups are enabled for future backups, you can use the update-file-system command. 
      aws fsx update-file-system --file-system-id fs-1234567890abcdef0 --lustre-configuration WeeklyMaintenanceStartTime=1:00:00
    • Replace fs-1234567890abcdef0 with the actual File System ID of your FSx file system.

By following these steps, you can remediate the misconfiguration of FSx not having a recovery point for your AWS EC2 instance using AWS CLI.

Using Python

To remediate the misconfiguration related to Amazon FSx not having a Recovery Point for AWS EC2 using Python, you can follow these steps:

  1. Install Boto3: Boto3 is the Amazon Web Services (AWS) SDK for Python. You can install it using pip:

    pip install boto3

  2. Create a Python script: Create a Python script with the following code to enable automatic backups (recovery points) for the Amazon FSx file system associated with your EC2 instance.

import boto3

# Initialize the Boto3 client for FSx
fsx_client = boto3.client('fsx', region_name='your_aws_region')

# Specify the ID of the FSx file system associated with your EC2 instance
fsx_file_system_id = 'your_fsx_file_system_id'

# Enable automatic backups for the FSx file system
response = fsx_client.update_file_system(
    FileSystemId=fsx_file_system_id,
    LustreConfiguration={
        'WeeklyMaintenanceStartTime': '1:00:00',
        'DataRepositoryConfiguration': {
            'AutoImportPolicy': 'NONE',
            'ExportPath': 'string',
            'ImportPath': 'string'
        }
    },
    WindowsConfiguration={
        'WeeklyMaintenanceStartTime': '1:00:00',
        'AutomaticBackupRetentionDays': 30,
        'DailyAutomaticBackupStartTime': '1:00:00',
        'ThroughputCapacity': 8,
        'SelfManagedActiveDirectoryConfiguration': {
            'UserName': 'string',
            'Password': 'string',
            'DnsIps': [
                'string',
            ]
        }
    }
)

print("Automatic backups enabled for FSx file system with ID:", fsx_file_system_id)

  1. Replace placeholders: Replace 'your_aws_region' with the AWS region where your FSx file system is located, and 'your_fsx_file_system_id' with the actual ID of your FSx file system.

  2. Run the script: Execute the Python script in your local environment or on an EC2 instance with appropriate IAM roles that have permissions to modify FSx configurations.

This script will enable automatic backups for the specified Amazon FSx file system associated with your EC2 instance, ensuring that a recovery point is available in case of data loss or corruption.