Virtual Machines are not backed up using Azure Backup
Description
Ensure that the Azure Backup service is enabled and configured to create server backups for your Microsoft Azure virtual machines (VMs), in order to follow data security best practices and meet compliance requirements. Azure Backup is a cost-effective, one-click backup solution that simplifies virtual machine data recovery in your Azure cloud account. Once the Azure Backup service is configured, your virtual machines are backed up according to the schedule defined within the appropriate backup policy; recovery points are then created from those backups and stored in Azure Recovery Services vaults.
Code Example
```bash
# Create the Recovery Services vault that will hold the VM backups
az backup vault create \
  --resource-group cloud-shell-storage-westeurope \
  --name cc-new-backup-vault \
  --location westeurope
```

Remediation
In Azure Console

1. Sign in to Azure Management Console.
2. Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.
3. Choose the Azure subscription that you want to access from the Subscription filter box.
4. From the Type filter box, select Virtual machine to list only the Azure virtual machines available in the selected subscription.
5. Click on the name of the virtual machine (VM) that you want to reconfigure.
6. On the navigation panel, under Operations, select Backup to access the Azure Backup service configuration for the selected virtual machine.
7. On the Backup page, perform the following:
   a. From the Recovery Service vault choose whether to create a new vault or select an existing one. An Azure Recovery Service vault is a storage entity that holds the virtual machine backups.
   b. From Choose backup policy dropdown list select an existing backup policy or click Create (or edit) a new policy to create/edit a new backup policy. A backup policy specifies frequency and time at which specified resources will be backed up and how long the backup copies are retained.
   c. Once the backup policy is properly configured, click Enable Backup to enable server backups for the selected Microsoft Azure virtual machine. You can now start a backup job by using Backup now button or wait for the selected policy to run the job at the scheduled time. The first backup job creates a full recovery point. Each backup job after the initial server backup creates incremental recovery points.
8. Repeat steps no. 5-7 to enable server backups for other Azure virtual machines available in the selected subscription.
9. Repeat steps no. 4-8 for each subscription created in your Microsoft Azure cloud account.

In Azure CLI

1. Run backup vault create command (Windows/macOS/Linux) to create a new Azure Recovery Service vault that will hold all the server backups created for the specified Azure virtual machine (VM):

Rule Details
| Field | Value |
|---|---|
| ID | IAC-0770 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AZURE_12 |
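
Because this rule applies to Terraform, the following added example (not from the original page or from the rule's own documentation) shows the vault, backup policy, and VM enrollment described in the remediation steps expressed as Terraform resources. All resource names and values are hypothetical. It assumes `azurerm_resource_group.example` and `azurerm_virtual_machine.example` are declared elsewhere in the same configuration, and that the check is satisfied when an `azurerm_backup_protected_vm` resource references the VM.

```hcl
# Added example: names and values are hypothetical.
# Assumes azurerm_resource_group.example and azurerm_virtual_machine.example
# are declared elsewhere in the same configuration.

# Recovery Services vault: the storage entity that holds the VM backups.
resource "azurerm_recovery_services_vault" "example" {
  name                = "example-recovery-vault"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Standard"
}

# Backup policy: how often and when backups run, and how long
# the backup copies are retained.
resource "azurerm_backup_policy_vm" "daily" {
  name                = "example-daily-policy"
  resource_group_name = azurerm_resource_group.example.name
  recovery_vault_name = azurerm_recovery_services_vault.example.name

  backup {
    frequency = "Daily"
    time      = "23:00"
  }

  retention_daily {
    count = 30
  }
}

# Enrolls the VM in Azure Backup under the policy above.
# A VM declared without a resource like this one has no backup
# association in the configuration.
resource "azurerm_backup_protected_vm" "example" {
  resource_group_name = azurerm_resource_group.example.name
  recovery_vault_name = azurerm_recovery_services_vault.example.name
  source_vm_id        = azurerm_virtual_machine.example.id
  backup_policy_id    = azurerm_backup_policy_vm.daily.id
}
```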