Document DB Cluster Should Have Backup Retention Check
More Info:
Checks if an Amazon Document DB cluster retention period is set to specific number of days. The rule is NON_COMPLIANT if the retention period is less than the value specified by the parameter.Risk Level
MediumAddress
ConfigurationCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of missing backup retention settings for an AWS RDS DocumentDB cluster, you can follow these steps using the AWS Management Console:
- Login to AWS Console: Go to the AWS Management Console (https://console.aws.amazon.com/) and login with your credentials.
- Navigate to RDS Service: From the AWS Management Console, navigate to the RDS service by clicking on the “Services” dropdown in the top left corner and selecting “RDS” under the Database category.
- Select DocumentDB Cluster: In the RDS dashboard, locate and select the DocumentDB cluster for which you want to configure backup retention settings.
- Modify Cluster: Click on the cluster identifier to view the cluster details. Then, click on the “Modify” button at the top to edit the cluster settings.
- Configure Backup Retention: Scroll down to the “Backup” section of the modification page. Here, you can set the backup retention period by specifying the number of days you want to retain automated backups for the cluster.
- Enable Automated Backups: Ensure that the “Backup Retention Period” is set to a value greater than 0 to enable automated backups for the cluster. You can choose a retention period based on your backup and recovery requirements.
- Save Changes: After setting the desired backup retention period, scroll to the bottom of the page and click on the “Continue” button. Review the summary of changes and click on the “Modify Cluster” button to apply the new backup retention settings.
- Verify Configuration: Once the modification is complete, go back to the cluster details page and verify that the backup retention period is set correctly. You should see a confirmation that the backup retention settings have been updated successfully.
Using CLI
Using CLI
To remediate the misconfiguration of a Document DB Cluster not having backup retention check in AWS RDS using AWS CLI, you can follow these steps:
- Identify the Document DB Cluster: First, you need to identify the Document DB Cluster for which you want to enable backup retention.
-
Enable Backup Retention: Run the following AWS CLI command to modify the Document DB Cluster to enable backup retention with the desired retention period (in days). Replace
<cluster-identifier>with the actual identifier of your Document DB Cluster and<retention-period>with the desired backup retention period.
- Verify Backup Retention: To verify that the backup retention has been successfully enabled, you can describe the Document DB Cluster using the following AWS CLI command:
- Check Backup Retention Settings: Ensure that the backup retention period is set to the desired value in the output of the above command.
Using Python
Using Python
To remediate the misconfiguration of missing backup retention settings for an AWS RDS DocumentDB cluster using Python, you can use the AWS SDK for Python (Boto3) to update the backup retention period.Here are the step-by-step instructions to remediate this issue:
-
Install Boto3:
If you haven’t already installed the Boto3 library, you can install it using pip:
-
Create a Python script to update the backup retention period:
You can create a Python script with the following code snippet to update the backup retention period for the DocumentDB cluster:
- Configure AWS credentials: Ensure that your AWS credentials are properly configured on the machine where you will run this script. You can set up your AWS credentials using the AWS CLI or environment variables.
- Run the Python script: Save the Python script with the above code snippet and run it. This script will update the backup retention period for the specified DocumentDB cluster to the desired value (in this case, 7 days).