FSx Should Have Backup Plan
More Info:
This rule checks if Amazon FSx File Systems are protected by a backup plan. The rule is NON_COMPLIANT if the Amazon FSx File System is not covered by a backup plan.
Risk Level
High
Address
Configuration
Compliance Standards
CBP,SEBI,RBI_MD_ITF
Remediation
Using Console
- Navigate to the AWS Backup console.
- Click on “Backup plans” from the navigation pane.
- Click on “Create backup plan”.
- Configure the backup plan settings:
- Specify a name for the backup plan.
- Choose the frequency and timing for backups.
- Define the lifecycle settings for backups (e.g., retention period).
- Specify the resources to backup (select the EFS file systems).
- Save the backup plan.
Using CLI
aws backup create-backup-plan --backup-plan-name <backup-plan-name> --backup-plan <backup-plan-definition>
Replace <backup-plan-name>
with a name for the backup plan and <backup-plan-definition>
with a JSON or YAML file containing the backup plan definition, including settings such as backup frequency, retention period, and resources to backup.
Using Python
import boto3
def remediate_efs_resources_backup_plan(file_system_arns, backup_vault_name):
# Initialize AWS Backup client
backup_client = boto3.client('backup')
# Create a backup plan for the specified EFS file systems
response = backup_client.create_backup_plan(
BackupPlan={
'BackupPlanName': 'YourBackupPlanName',
'BackupPlanRule': {
'RuleName': 'DefaultRule',
'TargetBackupVaultName': backup_vault_name,
'ScheduleExpression': 'cron(0 0 * * ? *)', # Example: Daily backup at midnight
'StartWindowMinutes': 60,
'CompletionWindowMinutes': 60,
},
'AdvancedBackupSettings': [
{
'BackupOptions': {
'WindowsVSS': False,
'BackupMode': 'FULL',
'FileSystemLifecycle': 'SYSTEM'
},
'ResourceType': 'EFS'
}
]
}
)
print("Backup plan created successfully.")
def main():
# Specify the ARNs of the EFS file systems to protect
file_system_arns = ['your-file-system-arn1', 'your-file-system-arn2']
# Specify the name of the backup vault
backup_vault_name = 'your-backup-vault-name'
# Remediate EFS resources by creating a backup plan
remediate_efs_resources_backup_plan(file_system_arns, backup_vault_name)
if __name__ == "__main__":
main()
Replace 'your-file-system-arn1', 'your-file-system-arn2'
with the ARNs of the EFS file systems you want to protect, and 'your-backup-vault-name'
with the name of the backup vault where backups will be stored. This script creates a backup plan for the specified EFS file systems, ensuring they are protected by backups according to the specified schedule and retention policy. Adjust the backup plan settings as needed.