22

RDS Config Rules

Last Update 20 päivää sitten

AWS Config Rule: RDS Storage Encrypted AWS Config Rule: RDS Instance Public Access Check AWS Config Rule: RDS DB Security Group Not Allowed AWS Config Rule: Aurora MySQL Backtracking Enabled AWS Config Rule: RDS Snapshot Encrypted

AWS Config Rule: Aurora Last Backup Recovery Point Created

AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED

Ryan Ware

Last Update yhdeksän kuukautta sitten

Description: Checks if a recovery point was created for Amazon Aurora DB Clusters. The rule is NON_COMPLIANT if the Amazon Relational Database Service (Amazon RDS) DB Cluster does not have a corresponding recovery point created within the specified time period.


Trigger type: Periodic


AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Europe (Spain), China (Ningxia), Europe (Zurich) Region

How to Resolve Manually

This AWS Config Rule will check each Aurora DB Cluster in your account, within each region too.


This AWS Config Rule takes two parameters when calculating wether or not you have a backup recovery point created within your time period, they are;


  • recoveryPointAgeValue
  • recoveryPointAgeUnit


By default, StackZone sets these to equate to one day - which means if you have a backup recovery point for your Aurora DB Cluster which is within the last day - you will show as COMPLIANT for this particular AWS Config Rule. If a backup recovery point does not exist within that timeframe, it will show as NON_COMPLIANT


To get to this point, you will need to incorporate AWS Backup. This  StackZone article shows how you can use the Backup feature offered by StackZone, which may help you get Backup Standards up to scratch.

How to Resolve with StackZone

StackZone can automatically remediate any non-compliant resources for you! 


This Remediation creates an Amazon RDS Aurora Cluster Recovery Point in the AWS Backup Vault defined as an automated action from the AWS Last Backup Recovery Point Created Config Rule.


You can enable this by heading over to Provisioning > Baseline Services -> Config Rules Regional -> Amazon RDS and enable RDS Aurora Last Backup Recovery Point Created Remediation

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us