AWS-RDS-MYSQL-backup-configuration-enable

Severity: High

Description: This control ensures that the Native Backup (SQLSERVER_BACKUP_RESTORE) option is configured for MSSQL instances. Backups provide the capability to return to a known safe state after a failure. In production environments, maintaining the availability of the data is of paramount importance. Native backup supports database operations such as recovery and rollback in MS SQL databases, and copies of databases made with native backups can be used for scenarios such as development, testing and demonstrations.

Remediation Steps:

Perform the following to update the RDS instance backup configuration:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Step 1: Create an S3 bucket to store the MSSQL backups

    1. Navigate to S3 console.

    2. In Navigation panel, choose Buckets.

    3. Click Create bucket.

    4. Enter Bucket Name and select the same region as the RDS MSSQL DB Instance.

    5. Click Next to configure the remaining parameters for the bucket, or click Create to create the bucket with default settings.

  3. Step 2: Create an IAM policy granting the privileges needed to store MSSQL backups in the S3 bucket

    1. Navigate to IAM console.

    2. On Navigation pane, choose Policies.

    3. Click Create policy.

    4. Select S3 as service.

    5. Grant appropriate permission.

    6. Click Review policy.

    7. Enter appropriate Name and Description.

    8. Click Create policy.

  4. Step 3: Create an IAM role for MSSQL backups

    1. Navigate to IAM console.

    2. On Navigation pane, choose Roles.

    3. Click Create role.

    4. Select RDS as service and RDS - Add Role to Database as use case.

    5. Click "Next: Permissions" button.

    6. Attach the policy created above.

    7. Click "Next: Tags", then click "Next: Review".

    8. Enter appropriate Role Name and Description.

    9. Click Create Role.

  5. Step 4: Enable Native Backups in DB Instance Option Group

    1. Navigate to RDS console.

    2. On Navigation pane, choose Option Groups.

    3. Select the option group to be modified.

    4. Click Add option.

    5. Under Option details, select SQLSERVER_BACKUP_RESTORE for the Option name.

    6. Select the S3 bucket to store the backup and IAM Role to assume for storage.

    7. Select appropriate schedule for applying the settings under Scheduling.

    8. Click Add option.

  6. Step 5: Associate the Option Group with the MSSQL DB Instance

    1. Navigate to RDS console.

    2. On Navigation pane, choose Databases.

    3. Select the option group to be modified.

    4. Click on the Database instance to be modified, click Modify.

    5. Under Database options, set Option group to the option group to be associated.

    6. Click Continue.

    7. Under Scheduling of modifications, select Apply immediately.

    8. Click Modify DB Instance.
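As an added compliance check that is not part of this control's text, the following Python evaluates whether each SQL Server instance is covered by an in-sync option group that has SQLSERVER_BACKUP_RESTORE configured with an IAM role ARN. The sample data is constructed to mirror the shape of the RDS DescribeOptionGroups and DescribeDBInstances API responses; the instance names, option group names and account id are made up.

```python
# Constructed sample data mirroring the shape of the RDS DescribeOptionGroups and
# DescribeDBInstances API responses (not live output).
OPTION_GROUPS = {"OptionGroupsList": [
    {"OptionGroupName": "mssql-backup-og", "EngineName": "sqlserver-se",
     "Options": [{"OptionName": "SQLSERVER_BACKUP_RESTORE",
                  "OptionSettings": [{"Name": "IAM_ROLE_ARN",
                                      "Value": "arn:aws:iam::111122223333:role/rds-native-backup"}]}]},
    {"OptionGroupName": "default:sqlserver-se-15-00", "EngineName": "sqlserver-se", "Options": []},
]}
DB_INSTANCES = {"DBInstances": [
    {"DBInstanceIdentifier": "prod-mssql-1", "Engine": "sqlserver-se",
     "OptionGroupMemberships": [{"OptionGroupName": "mssql-backup-og", "Status": "in-sync"}]},
    {"DBInstanceIdentifier": "prod-mssql-2", "Engine": "sqlserver-se",
     "OptionGroupMemberships": [{"OptionGroupName": "default:sqlserver-se-15-00", "Status": "in-sync"}]},
    {"DBInstanceIdentifier": "prod-mssql-3", "Engine": "sqlserver-se",
     "OptionGroupMemberships": [{"OptionGroupName": "mssql-backup-og", "Status": "pending-apply"}]},
    {"DBInstanceIdentifier": "prod-mysql-1", "Engine": "mysql",
     "OptionGroupMemberships": [{"OptionGroupName": "default:mysql-8-0", "Status": "in-sync"}]},
]}

def backup_enabled_groups(option_groups):
    """Names of option groups carrying SQLSERVER_BACKUP_RESTORE with an IAM role ARN set."""
    enabled = set()
    for og in option_groups["OptionGroupsList"]:
        for opt in og["Options"]:
            if opt["OptionName"] != "SQLSERVER_BACKUP_RESTORE":
                continue
            settings = {s["Name"]: s.get("Value") for s in opt.get("OptionSettings", [])}
            if settings.get("IAM_ROLE_ARN"):  # no role ARN -> RDS cannot reach the S3 bucket
                enabled.add(og["OptionGroupName"])
    return enabled

def evaluate(db_instances, option_groups):
    """Map each SQL Server instance to PASS/FAIL; non-SQL Server engines are out of scope."""
    enabled = backup_enabled_groups(option_groups)
    results = {}
    for db in db_instances["DBInstances"]:
        if not db["Engine"].startswith("sqlserver"):
            continue
        # Membership must be in-sync: a pending-apply group is not protecting the instance yet.
        compliant = any(m["OptionGroupName"] in enabled and m["Status"] == "in-sync"
                        for m in db.get("OptionGroupMemberships", []))
        results[db["DBInstanceIdentifier"]] = "PASS" if compliant else "FAIL"
    return results

if __name__ == "__main__":
    for name, status in evaluate(DB_INSTANCES, OPTION_GROUPS).items():
        print(f"{status}  {name}")
```

Against live data, feed the same function the parsed output of `aws rds describe-db-instances` and `aws rds describe-option-groups`.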

Important:

  • Native backup and restore is available for all editions of Microsoft SQL Server supported on Amazon RDS.

  • Native backups of databases larger than 1 TB are not supported.

  • Native restores of differential backups are not currently supported.

Reference:

Blue Hexagon Proprietary