Ensure that Backtrack feature is enabled for your Amazon Aurora with MySQL compatibility database clusters in order to backtrack your clusters to a specific time, without using backups. Backtrack is an AWS Relational Database Service (RDS) feature that allows you to specify the amount of time that an Aurora MySQL database cluster needs to retain change records so that you can have a fast way to recover from user errors, such as dropping the wrong table or deleting the wrong row by moving your MySQL database to a prior point in time without the need to restore from a recent backup. The feature is currently supported only by Aurora MySQL 5.6 database engine.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Once the Backtrack feature is enabled, Amazon RDS can quickly "rewind" your Aurora MySQL database cluster to a point in time that you specify. In contrast to the backup and restore method, with Backtrack you can easily undo a destructive action, such as a DELETE query without a WHERE clause, with minimal downtime, you can rewind your Aurora cluster in just few minutes, and you can repeatedly backtrack a database cluster back and forth in time to help determine when a particular data change occurred.
Audit
To determine if your Amazon Aurora MySQL-compatible database clusters are using the Backtrack feature, perform the following actions:
Remediation / Resolution
To enable Backtrack feature for an existing Amazon Aurora MySQL database cluster, you have to re-create the cluster and configure the feature during setup. To implement backtracking for your Aurora database cluster, perform the following:
References
- AWS Documentation
- Amazon RDS FAQs
- Backtracking an Aurora DB Cluster
- Managing Amazon Aurora MySQL
- Cloning Databases in an Aurora DB Cluster
- AWS Command Line Interface (CLI) Documentation
- rds
- describe-db-clusters
- restore-db-cluster-to-point-in-time
- delete-db-instance
- delete-db-cluster
- AWS Blog(s)
- Amazon Aurora Backtrack – Turn Back Time
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

You are auditing:
Backtrack
Risk level: Low