Rule: Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
This rule ensures that the Auto Minor Version Upgrade feature is enabled for RDS instances.
| Rule | Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances |
| Framework | cis_v150 |
| Severity | ✔ Low |
Description
The Auto Minor Version Upgrade feature allows Amazon RDS instances to automatically receive minor version upgrades as soon as they become available, ensuring that your database remains up-to-date with the latest bug fixes and security patches. This helps to improve the stability and security of your RDS instances.
Enabling this feature helps to eliminate the need for manual intervention to perform minor version upgrades, saving time and effort for database administrators.
Rationale
Enabling Auto Minor Version Upgrade is an important security best practice as it ensures that your RDS instances are regularly updated with the latest bug fixes and security patches. By staying up-to-date, you can protect your databases from known vulnerabilities and reduce the risk of potential security breaches.
Remediation
Console
- 1.
Open the Amazon RDS Console.
- 2.
In the navigation pane, choose "Databases".
- 3.
Select the RDS instance for which you want to enable Auto Minor Version Upgrade.
- 4.
Click on the "Modify" button.
- 5.
Scroll down to the "Upgrade" section.
- 6.
Enable the "Auto minor version upgrade" option.
- 7.
Click on the "Continue" button.
- 8.
Review the summary of the changes and click on the "Modify DB instance" button to apply the changes.
AWS CLI
- 1.
Open the AWS CLI or any terminal.
- 2.
Run the following command, replacing "my-db-instance" with the name of your RDS instance:
aws rds modify-db-instance --db-instance-identifier my-db-instance --auto-minor-version-upgrade true
- 1.Wait for the command to complete successfully.
Verification
Console
- 1.
Open the Amazon RDS Console.
- 2.
In the navigation pane, choose "Databases".
- 3.
Select the RDS instance for which you enabled Auto Minor Version Upgrade.
- 4.
Check the value of the "Auto minor version upgrade" field. It should be set to "Enabled".
AWS CLI
- 1.
Open the AWS CLI or any terminal.
- 2.
Run the following command, replacing "my-db-instance" with the name of your RDS instance:
aws rds describe-db-instances --db-instance-identifier my-db-instance --query 'DBInstances[0].AutoMinorVersionUpgrade'
- 1.The command should return the value "true", indicating that Auto Minor Version Upgrade is enabled for the specified RDS instance.
Troubleshooting
If for some reason the Auto Minor Version Upgrade feature fails to enable or you encounter any issues after enabling it, consider the following troubleshooting steps:
- 1.
Double-check that you're using the correct instance identifier when running the CLI commands or updating the console settings.
- 2.
Verify that your AWS credentials have the necessary permissions to modify RDS instances. Ensure that the IAM user or role has the appropriate permissions attached.
- 3.
Check the AWS RDS documentation and release notes for any known issues or limitations related to the specific RDS engine you're using. It's possible that certain engine versions do not support the Auto Minor Version Upgrade feature.
- 4.
If the issue persists, consider reaching out to AWS Support for further assistance.
Additional Information