Ensure that the automated snapshot retention period set for your AWS Redshift clusters is a positive number, meaning that automated backups are enabled for the clusters. The retention period represents the number of days to retain automated snapshots. If the retention period is set to zero, automated snapshots are disabled for your Redshift clusters. You can still create manual backups when automated snapshots are disabled (retention period set to 0), however, automated actions are more reliable than manual processes, helping you to improve Redshift data protection and recoverability.
This rule can help you with the following compliance standards:
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
When the retention period is set to a positive number within a Redshift cluster configuration, the automated snapshots are enabled for that cluster. Cloud Conformity strongly recommends to automate backups for data recovery whenever possible in order to avoid unexpected failures.
Audit
To determine if your Amazon Redshift clusters are taking snapshots of their data automatically (i.e. automated snapshot retention period is set to a positive number), perform the following:
Remediation / Resolution
To modify your Amazon Redshift clusters configuration in order to enable automated snapshots (i.e. set automated snapshot retention period to a positive number), perform the following:
References
- AWS Documentation
- Amazon Redshift FAQs
- Amazon Redshift Snapshots
- Managing Snapshots Using the Console
- Managing Snapshots Using the Amazon Redshift CLI and API
- Managing Clusters Using the Console
- Manage Clusters Using the Amazon Redshift CLI and API
- AWS Command Line Interface (CLI) Documentation
- redshift
- describe-clusters
- modify-cluster