turbot/steampipe-mod-aws-compliance

Control: 2 Amazon EFS volumes should be in backup plans

Description

This control checks whether Amazon Elastic File System (Amazon EFS) file systems are added to the backup plans in AWS Backup. The control fails if Amazon EFS file systems are not included in the backup plans.

Including EFS file systems in the backup plans helps you to protect your data from deletion and data loss.

Remediation

To remediate this issue, update your file system to enable automatic backups.

To enable automatic backups for an existing file system

  1. Open the Amazon Elastic File System console.
  2. On the File systems page, choose the file system for which to enable automatic backups. The File system details page is displayed.
  3. Under General, choose Edit.
  4. To enable automatic backups, select Enable automatic backups.
  5. Choose Save changes.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_efs_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_efs_2 --share

SQL

This control uses a named query:

with backup_protected_file_system as (
  select
    resource_arn as arn
  from
    aws_backup_protected_resource as b
  where
    resource_type = 'EFS'
)
select
  f.arn as resource,
  case
    when b.arn is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when b.arn is not null then f.title || ' is protected by backup plan.'
    else f.title || ' is not protected by backup plan.'
  end as reason,
  f.region,
  f.account_id
from
  aws_efs_file_system as f
  left join backup_protected_file_system as b on f.arn = b.arn;
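
The query above reports a file system as ok as soon as it appears in aws_backup_protected_resource, however old its most recent backup is. The following variant is an added example, not part of the mod: it also raises an alarm on stale backups, assuming the table's last_backup_time column and an illustrative 7-day threshold.

```sql
-- Added example (not the mod's own query): same join as the control,
-- extended with a recency check on the last backup.
-- Assumptions: aws_backup_protected_resource exposes last_backup_time;
-- the 7-day threshold is illustrative, set it to your backup frequency.
with backup_protected_file_system as (
  select
    resource_arn as arn,
    last_backup_time
  from
    aws_backup_protected_resource
  where
    resource_type = 'EFS'
)
select
  f.arn as resource,
  case
    -- Not known to AWS Backup at all: same failure as the control.
    when b.arn is null then 'alarm'
    -- Known, but no usable timestamp or the last backup is too old.
    when b.last_backup_time is null then 'alarm'
    when b.last_backup_time < now() - interval '7 days' then 'alarm'
    else 'ok'
  end as status,
  case
    when b.arn is null
      then f.title || ' is not protected by backup plan.'
    when b.last_backup_time is null
      then f.title || ' is protected but has no recorded backup time.'
    when b.last_backup_time < now() - interval '7 days'
      then f.title || ' was last backed up on '
        || to_char(b.last_backup_time, 'YYYY-MM-DD') || '.'
    else f.title || ' is protected by backup plan and was backed up on '
      || to_char(b.last_backup_time, 'YYYY-MM-DD') || '.'
  end as reason,
  f.region,
  f.account_id
from
  aws_efs_file_system as f
  left join backup_protected_file_system as b on f.arn = b.arn
order by
  status, resource;
```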
