AWS-RDS-MYSQL-backup-binary-log-disable

Severity: High

Description: This control ensures that a binary log format is specified for the MySQL DB cluster. Binary logs are important for replication from a master MySQL server to a slave MySQL server. They also play an important role in complete, up-to-date recovery of databases from backup. Different versions of MySQL use different binary log formats, so the format should be selected appropriately.

Remediation Steps:

Perform the following steps to update the RDS binary log configuration:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to RDS console.

  3. Step 1: Create and attach a new custom Cluster Parameter Group to the DB Cluster

    1. In Navigation panel, choose Parameter Groups.

    2. Click Create parameter group.

    3. Select appropriate Parameter group family according to the cluster DB family.

    4. Select Type as DB Cluster Parameter group.

    5. Add appropriate group name and description, click Create.

    6. In the navigation pane, choose Databases.

    7. Select the cluster, click Modify.

    8. Under Database Options, select the DB cluster parameter group as the newly created parameter group.

    9. Click Continue.

    10. Under Scheduling of modifications option select Apply Immediately.

    11. Click on Modify Cluster.

  4. Step 2: Change value of binlog_format in a non-default, custom DB cluster parameter group

    1. On Navigation pane, choose Parameter Groups.

    2. Select the DB cluster parameter group used by the cluster.

    3. Click Edit Parameters.

    4. Search for the parameter binlog_format in the parameters search filter.

    5. Change the parameter binlog_format to any value other than OFF.

    6. Click Save Changes.

    7. Select the writer instance of the cluster, click Actions.

    8. Click Reboot.
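To confirm the result of Step 1 and Step 2 without the console, the following added example (not part of the original control text) evaluates a cluster offline. It assumes input shaped like the RDS API responses for DescribeDBClusters and DescribeDBClusterParameters; the cluster, instance and group names are constructed, and the `default.` name prefix is assumed to identify a default parameter group.

```python
"""Offline check for the binlog_format control (added example)."""

# Constructed sample data shaped like the RDS API responses for
# DescribeDBClusters and DescribeDBClusterParameters (boto3:
# describe_db_clusters / describe_db_cluster_parameters). Names are made up.
SAMPLE_CLUSTER = {
    "DBClusterIdentifier": "example-cluster",
    "DBClusterParameterGroup": "example-custom-cluster-pg",
    "DBClusterMembers": [
        {"DBInstanceIdentifier": "example-writer", "IsClusterWriter": True,
         "DBClusterParameterGroupStatus": "pending-reboot"},
        {"DBInstanceIdentifier": "example-reader", "IsClusterWriter": False,
         "DBClusterParameterGroupStatus": "in-sync"},
    ],
}
SAMPLE_PARAMETERS = [
    {"ParameterName": "binlog_format", "ParameterValue": "ROW"},
    {"ParameterName": "character_set_server", "ParameterValue": "utf8mb4"},
]


def binlog_format_value(parameters):
    """Return the configured binlog_format in upper case, or None if unset."""
    for p in parameters:
        if p.get("ParameterName") == "binlog_format":
            value = p.get("ParameterValue")  # key is absent when no value is set
            return value.strip().upper() if value else None
    return None


def evaluate_cluster(cluster, parameters):
    """Return (status, reason); status is PASS, FAIL or PENDING_REBOOT."""
    group = cluster.get("DBClusterParameterGroup", "")
    value = binlog_format_value(parameters)
    if value is None or value == "OFF":
        shown = value or "unset"
        if group.startswith("default."):  # assumed marker of a default group
            return "FAIL", f"binlog_format is {shown} in default group {group}: do Step 1, then Step 2"
        return "FAIL", f"binlog_format is {shown} in {group}: do Step 2"
    # The last remediation steps reboot the writer; flag it while not in sync.
    for member in cluster.get("DBClusterMembers", []):
        if member.get("IsClusterWriter") and member.get("DBClusterParameterGroupStatus") != "in-sync":
            return "PENDING_REBOOT", f"reboot {member['DBInstanceIdentifier']} to apply binlog_format={value}"
    return "PASS", f"binlog_format={value} in {group}"


if __name__ == "__main__":
    print(evaluate_cluster(SAMPLE_CLUSTER, SAMPLE_PARAMETERS))
```
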

Important:

  • This control is not applicable for AWS GovCloud

Blue Hexagon Proprietary