Rule: RDS DB Instance Automatic Minor Version Upgrade Enabled
This rule ensures that automatic minor version upgrades are enabled for RDS DB instances.
| Rule | RDS DB instance automatic minor version upgrade should be enabled |
| Framework | CISA-cyber-essentials |
| Severity | ✔ High |
Rule Description:
Enabling automatic minor version upgrades for RDS DB instances is a best practice recommended by the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Essentials framework. This ensures that your RDS database instances stay up-to-date with the latest minor version releases, which often include important security patches, bug fixes, and feature enhancements. By enabling automatic minor version upgrades, you can ensure the ongoing security and performance of your RDS DB instances.
Troubleshooting Steps (if applicable):
If you encounter any issues or errors during the automatic minor version upgrade process, follow the troubleshooting steps below:
- 1.
Check the RDS event notifications: AWS sends event notifications when an automatic minor version upgrade fails. You can view these events by accessing the Amazon RDS Management Console and navigating to the "Events" section. Look for any error messages or specific details related to the upgrade failure.
- 2.
Review the instance-specific logs: Check the RDS instance logs to gain further insights into the upgrade failure. You can access these logs through the Amazon RDS Management Console or by using the AWS Command Line Interface (CLI). Look for any error messages or exceptions that might help diagnose the issue.
- 3.
Verify the network connectivity: Ensure that your RDS instance has proper network connectivity to external resources and services. Check if there are any network issues such as firewall rules or network security groups blocking the required connections for the upgrade process.
- 4.
Check the IAM role permissions: Verify that the IAM role assigned to the RDS DB instance has the necessary permissions to perform automatic minor version upgrades. Ensure that the role has the required actions allowed for the RDS service in its policies.
- 5.
Contact AWS Support: If the troubleshooting steps above do not resolve the issue, contact AWS Support for further assistance. Provide them with the details of the error messages, logs, and any additional relevant information to expedite the resolution process.
Code Samples (if applicable):
To enable automatic minor version upgrades for an RDS DB instance using the AWS CLI, you can use the following command:
aws rds modify-db-instance \ --db-instance-identifier <your-db-instance-identifier> \ --enable-minor-version-upgrade
Replace
<your-db-instance-identifier>Remediation Steps:
To enable automatic minor version upgrades for an RDS DB instance, follow these step-by-step instructions:
- 1.
Open the Amazon RDS Management Console: Go to the AWS Management Console (https://console.aws.amazon.com/) and navigate to the RDS service.
- 2.
Select the appropriate DB instance: From the list of RDS instances, select the DB instance for which you want to enable automatic minor version upgrades.
- 3.
Click on "Modify" button: In the RDS DB instance details page, click on the "Modify" button on the top right corner.
- 4.
Enable automatic minor version upgrades: Scroll down to the "Backup" section in the Modify DB instance page. Look for the "Enable automatic minor version upgrades" option and check the checkbox next to it.
- 5.
Review and apply the changes: Review the other settings on the Modify DB instance page (if necessary). Verify that the modifications are correct and click on the "Apply immediately" button.
- 6.
Wait for the modification to complete: The modification process may take a few minutes to complete. Monitor the modification status in the console until it shows as "Available."
Once the modification is completed, automatic minor version upgrades will be enabled for your RDS DB instance. The instance will automatically upgrade to the latest available minor version during the specified maintenance window.
Note: Enabling automatic minor version upgrades may cause a brief interruption during the upgrade process, but it is usually minimal and designed to minimize downtime for your applications.