AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Storage Gateway Recovery Point Should Be Created Within Specified Duration
More Info:
This rule ensures that the last backup recovery point for Storage Gateway volumes is created within the specified duration.
Risk Level
High
Address
Configuration
Compliance Standards
CBP,SEBI
Triage and Remediation
Remediation
To remediate the misconfiguration of not having Recovery Points created for Storage Gateway in AWS using the AWS Management Console, follow these steps:
-
Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in to your AWS account.
-
Navigate to RDS Service: Click on the ‘Services’ dropdown menu at the top left corner of the console, then select ‘RDS’ under the ‘Database’ section.
-
Select the RDS Instance: In the RDS dashboard, select the RDS instance for which you want to enable Recovery Points by clicking on the checkbox next to the instance name.
-
Enable Automated Backups: Click on the ‘Modify’ button at the top of the dashboard to modify the settings of the selected RDS instance.
-
Configure Backup Settings: Scroll down to the ‘Backup’ section of the Modify DB Instance page. Here, you will find the ‘Backup retention period’ setting. Set the desired number of days for which you want to retain automated backups. This will ensure that recovery points are created and retained for the specified period.
-
Enable Automated Backups: Make sure that the ‘Backup retention period’ is set to a value greater than 0 to enable automated backups for the RDS instance.
-
Save Changes: Scroll down to the bottom of the page and click on the ‘Continue’ button, review the changes, and then click on the ‘Modify DB Instance’ button to save the changes.
-
Verify Configuration: Once the modification is completed, go back to the RDS dashboard and check the ‘Backup’ section of the RDS instance to ensure that automated backups are enabled and the backup retention period is set as per your configuration.
By following these steps, you have successfully enabled the creation of Recovery Points for the RDS instance in AWS, ensuring that automated backups are taken at regular intervals as per the specified retention period.
To remediate the misconfiguration of not having Storage Gateway Recovery Point created for AWS Storage Gateway using AWS CLI, you can follow these steps:
Step 1: Open your terminal or command prompt and ensure that you have AWS CLI installed and configured with the necessary permissions to work with RDS.
Step 2: Run the following AWS CLI command to modify the RDS instance to enable automated backups and set the backup retention period. Replace your-rds-instance-identifier
with the actual identifier of your RDS instance and 7
with the desired backup retention period in days.
aws rds modify-db-instance --db-instance-identifier your-rds-instance-identifier --backup-retention-period 7 --apply-immediately
Step 3: Check the status of the modification by running the following command:
aws rds describe-db-instances --db-instance-identifier your-rds-instance-identifier --query 'DBInstances[*].[DBInstanceIdentifier,DBInstanceStatus]'
Step 4: Once the modification is complete and the RDS instance status is available, automated backups will be enabled, and recovery points will be created based on the specified retention period.
By following these steps, you can remediate the misconfiguration of not having Storage Gateway Recovery Point created for AWS RDS using AWS CLI.
To remediate the misconfiguration of not having Storage Gateway Recovery Point created for AWS RDS instances, you can use Python and AWS Boto3 library to create a manual snapshot of the RDS instance. Here are the step-by-step instructions to remediate this issue:
- Install Boto3 library: Ensure you have the Boto3 library installed. You can install it using pip:
pip install boto3
- Configure AWS credentials: Make sure you have AWS credentials configured on your system. You can set it up by running:
aws configure
- Write Python script to create a manual snapshot: Create a Python script (e.g., create_rds_snapshot.py) with the following code snippet:
import boto3
# Define the AWS region and RDS instance identifier
region = 'your_aws_region'
instance_identifier = 'your_rds_instance_identifier'
# Create a boto3 client for RDS
rds_client = boto3.client('rds', region_name=region)
# Create a manual snapshot for the RDS instance
response = rds_client.create_db_snapshot(
DBSnapshotIdentifier='manual-snapshot-' + instance_identifier,
DBInstanceIdentifier=instance_identifier
)
print("Manual snapshot created successfully: ", response)
- Run the Python script: Execute the Python script using the following command:
python create_rds_snapshot.py
- Verify the manual snapshot: Go to the AWS Management Console, navigate to the RDS service, select your RDS instance, and check if the manual snapshot was created successfully.
By following these steps, you can remediate the misconfiguration of not having Storage Gateway Recovery Point created for AWS RDS instances using Python and Boto3 library.
.