Control: 2 Amazon EFS volumes should be in backup plans
Description
This control checks whether Amazon Elastic File System (Amazon EFS) file systems are added to the backup plans in AWS Backup. The control fails if Amazon EFS file systems are not included in the backup plans.
Including EFS file systems in the backup plans helps you to protect your data from deletion and data loss.
Remediation
To remediate this issue, update your file system to enable automatic backups.
To enable automatic backups for an existing file system
- Open the Amazon Elastic File System console.
- On the
File systemspage, choose the file system for which to enable automatic backups. The File system details page is displayed. - Under
General, chooseEdit. - To enable automatic backups, select
Enable automatic backups. - Choose
Save changes.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_efs_2Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.foundational_security_efs_2 --shareSQL
This control uses a named query:
with backup_protected_file_system as ( select resource_arn as arn from aws_backup_protected_resource as b where resource_type = 'EFS')select f.arn as resource, case when b.arn is not null then 'ok' else 'alarm' end as status, case when b.arn is not null then f.title || ' is protected by backup plan.' else f.title || ' is not protected by backup plan.' end as reason , f.region, f.account_idfrom aws_efs_file_system as f left join backup_protected_file_system as b on f.arn = b.arn;