More Info:

This rule checks if Amazon FSx File Systems are protected by a backup plan. The rule is NON_COMPLIANT if the Amazon FSx File System is not covered by a backup plan.

Risk Level

High

Address

Configuration

Compliance Standards

CBP,SEBI,RBI_MD_ITF

Remediation

Using Console

  1. Navigate to the AWS Backup console.
  2. Click on “Backup plans” from the navigation pane.
  3. Click on “Create backup plan”.
  4. Configure the backup plan settings:
    • Specify a name for the backup plan.
    • Choose the frequency and timing for backups.
    • Define the lifecycle settings for backups (e.g., retention period).
    • Specify the resources to backup (select the EFS file systems).
  5. Save the backup plan.

Using CLI

aws backup create-backup-plan --backup-plan-name <backup-plan-name> --backup-plan <backup-plan-definition>

Replace <backup-plan-name> with a name for the backup plan and <backup-plan-definition> with a JSON or YAML file containing the backup plan definition, including settings such as backup frequency, retention period, and resources to backup.

Using Python

import boto3

def remediate_efs_resources_backup_plan(file_system_arns, backup_vault_name):
    # Initialize AWS Backup client
    backup_client = boto3.client('backup')

    # Create a backup plan for the specified EFS file systems
    response = backup_client.create_backup_plan(
        BackupPlan={
            'BackupPlanName': 'YourBackupPlanName',
            'BackupPlanRule': {
                'RuleName': 'DefaultRule',
                'TargetBackupVaultName': backup_vault_name,
                'ScheduleExpression': 'cron(0 0 * * ? *)',  # Example: Daily backup at midnight
                'StartWindowMinutes': 60,
                'CompletionWindowMinutes': 60,
            },
            'AdvancedBackupSettings': [
                {
                    'BackupOptions': {
                        'WindowsVSS': False,
                        'BackupMode': 'FULL',
                        'FileSystemLifecycle': 'SYSTEM'
                    },
                    'ResourceType': 'EFS'
                }
            ]
        }
    )

    print("Backup plan created successfully.")

def main():
    # Specify the ARNs of the EFS file systems to protect
    file_system_arns = ['your-file-system-arn1', 'your-file-system-arn2']

    # Specify the name of the backup vault
    backup_vault_name = 'your-backup-vault-name'

    # Remediate EFS resources by creating a backup plan
    remediate_efs_resources_backup_plan(file_system_arns, backup_vault_name)

if __name__ == "__main__":
    main()

Replace 'your-file-system-arn1', 'your-file-system-arn2' with the ARNs of the EFS file systems you want to protect, and 'your-backup-vault-name' with the name of the backup vault where backups will be stored. This script creates a backup plan for the specified EFS file systems, ensuring they are protected by backups according to the specified schedule and retention policy. Adjust the backup plan settings as needed.