AWS Config Rule: EC2 Resources Protected by Backup Plan

EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN

Eduardo Van Cauteren

Last Update 9 months ago

Description: Checks if Amazon Elastic Compute Cloud (Amazon EC2) instances are protected by a backup plan. The rule is NON_COMPLIANT if the Amazon EC2 instance is not covered by a backup plan.


Trigger type: Periodic


AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Europe (Spain), China (Ningxia), Europe (Zurich) Region


How to Resolve Manually

This rule checks whether an EC2 instance is protected by a backup plan. The rule is marked as non-compliant if an instance is found that is not part of an AWS Backup plan.


The Config Rule only checks EC2 resources that carry a particular tag. By default it looks for resources with the Tag Key "Environment" and the Tag Value "Production". You can change this in the StackZone Console when enabling the rule. Any EC2 resource without the chosen tag key and value is ignored by this Config Rule.


To resolve this, you need to include all the non-compliant instances found by the rule in a Backup Plan. To create the backup plan, go to the AWS Backup service within the AWS Console.

Once there, click Backup plans in the left menu, then click the Create backup plan button. Select the options based on your needs, although we recommend selecting a pre-built template, and enter a plan name. Use the following picture as reference:

You will also need to add a backup rule according to your organization's needs. Once those settings are defined, click the Create plan button.


On the next screen, you will be prompted to assign resources to the plan, that is, to indicate the EC2 Instances you want the plan to cover.

To do this, define a name for the resource assignment and pick the instances you want. You can select specific instances or add all of them at once. Check the following screenshot as an example:

After completing this last step, your EC2 Instances will be part of a Backup plan and AWS Backup will generate Snapshots according to your Backup rule configuration.
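The following added example (not StackZone or AWS code) is a simplified offline model of the check and the fix described above: it finds instances carrying the scope tag that no backup selection assigns to a plan, then builds a selection document covering them. The sample instances, account ID, selection names and role ARN are constructed; the dictionary keys follow the AWS Backup BackupSelection structure.

```python
from fnmatch import fnmatchcase

SCOPE_TAG = ("Environment", "Production")  # default tag key/value from the article

# Constructed sample data (made-up account id and instance ids), shaped like
# EC2 instance tags and AWS Backup BackupSelection documents.
ARN_PREFIX = "arn:aws:ec2:us-east-1:111122223333:instance/"
INSTANCES = {
    "i-0aaa": {"Environment": "Production", "backup": "daily"},
    "i-0bbb": {"Environment": "Production"},
    "i-0ccc": {"Environment": "Development"},
    "i-0ddd": {"Environment": "Production"},
}
SELECTIONS = [
    {"SelectionName": "by-tag", "ListOfTags": [
        {"ConditionType": "STRINGEQUALS", "ConditionKey": "backup", "ConditionValue": "daily"}]},
    {"SelectionName": "by-arn", "Resources": [ARN_PREFIX + "i-0ddd"]},
]

def selects(selection, instance_id, tags):
    """True if this selection assigns the instance to its backup plan."""
    patterns = selection.get("Resources", [])
    conditions = selection.get("ListOfTags", [])
    if patterns and conditions:
        # Combined ARN + tag selections are outside this simplified model.
        raise ValueError("selection mixes Resources and ListOfTags")
    if any(fnmatchcase(ARN_PREFIX + instance_id, p) for p in patterns):
        return True  # ARN listed directly or matched by a '*' wildcard
    return any(tags.get(c["ConditionKey"]) == c["ConditionValue"] for c in conditions)

def uncovered_in_scope(instances, selections, scope=SCOPE_TAG):
    """In-scope instances that no selection assigns to a plan."""
    key, value = scope
    return sorted(
        iid for iid, tags in instances.items()
        if tags.get(key) == value  # untagged or differently tagged instances are ignored
        and not any(selects(s, iid, tags) for s in selections)
    )

def remediation_selection(instance_ids, role_arn):
    """BackupSelection document assigning the given instances by ARN."""
    return {"SelectionName": "config-remediation", "IamRoleArn": role_arn,
            "Resources": [ARN_PREFIX + iid for iid in instance_ids]}

if __name__ == "__main__":
    print(uncovered_in_scope(INSTANCES, SELECTIONS))
```

The document returned by remediation_selection has the shape accepted as the BackupSelection argument of the AWS Backup CreateBackupSelection API, alongside the ID of the plan created in the steps above.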


How to Resolve with StackZone

The StackZone AWS Backup feature helps you automate scheduled backups of your EC2 Instances, EBS Volumes and RDS Instances. All you need to do is tag your AWS resource with a "daily", "weekly" or "monthly" schedule, and the AWS Backup feature will ensure a backup of your AWS resource is taken according to your chosen period.

Check out this feature article and learn how to backup any EC2 instance with just a tag.


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here
