Enable Rule for RDS DB Instance Monitoring

This rule ensures enhanced monitoring is enabled for RDS DB instances and clusters.

Rule: RDS DB instance and cluster enhanced monitoring should be enabled
Framework: FedRAMP Moderate Revision 4
Severity: High

Rule Description

The rule requires enabling enhanced monitoring for Amazon RDS DB instances and clusters in accordance with the FedRAMP Moderate Revision 4 security requirements. Enhanced monitoring provides additional insights and metrics for better visibility into DB instance and cluster performance.

Troubleshooting Steps

If enhanced monitoring is not enabled for RDS DB instances and clusters, follow these troubleshooting steps:

  1. Check if the current RDS instance is running in a supported region. A subset of AWS regions supports enhanced monitoring. Refer to the AWS documentation for a list of supported regions.

  2. Ensure that the DB instance or cluster is running a supported database engine version. Enhanced monitoring may not be available for older database engine versions. Update the database engine to a supported version if necessary.

  3. Verify that the IAM role associated with the DB instance or cluster has the necessary permissions to enable enhanced monitoring. The role should have the cloudwatch:PutMetricData action allowed in the IAM policy.

  4. Check the configuration settings for the DB instance or cluster. Ensure that the MonitoringInterval parameter is set to a value other than zero. If it is set to zero, enhanced monitoring will not be enabled.
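A check for troubleshooting steps 3 and 4, as an added example that is not part of the original page: it reads the JSON printed by `aws rds describe-db-instances`, lists instances whose MonitoringInterval is zero or absent, and groups the remaining instances by monitoring role so those roles can be reviewed. The sample response, instance names, account ID and role ARNs are constructed for illustration, and the function name is hypothetical.

```python
import json

# Constructed sample in the shape of `aws rds describe-db-instances` output.
# Instance names, account ID and role ARNs are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = """
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "MonitoringInterval": 60,
   "MonitoringRoleArn": "arn:aws:iam::111122223333:role/example-rds-monitoring"},
  {"DBInstanceIdentifier": "audit-db", "MonitoringInterval": 30,
   "MonitoringRoleArn": "arn:aws:iam::111122223333:role/example-rds-monitoring"},
  {"DBInstanceIdentifier": "reports-db", "MonitoringInterval": 0},
  {"DBInstanceIdentifier": "legacy-db"}
]}
"""


def audit_enhanced_monitoring(describe_json):
    """Return (noncompliant, roles) for one describe-db-instances response.

    noncompliant: instance identifier -> reason the rule fails
    roles: monitoring role ARN -> instances using it (roles to review, step 3)
    """
    noncompliant, roles = {}, {}
    for inst in json.loads(describe_json).get("DBInstances", []):
        name = inst.get("DBInstanceIdentifier", "<unknown>")
        interval = inst.get("MonitoringInterval")
        if interval is None:
            # Fail closed: an absent field is not evidence of monitoring.
            noncompliant[name] = "MonitoringInterval missing from response"
        elif interval == 0:
            noncompliant[name] = "MonitoringInterval is 0"
        else:
            roles.setdefault(inst.get("MonitoringRoleArn", "<none>"), []).append(name)
    return noncompliant, roles


if __name__ == "__main__":
    failed, roles = audit_enhanced_monitoring(SAMPLE_DESCRIBE_OUTPUT)
    for name, reason in sorted(failed.items()):
        print(f"FAIL {name}: {reason}")
    for arn, users in sorted(roles.items()):
        print(f"REVIEW ROLE {arn}: used by {', '.join(users)}")
```

To run it against a real account, pass the saved output of `aws rds describe-db-instances` to the function in place of the sample string.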

Necessary Codes

To enable enhanced monitoring for RDS DB instances and clusters, you can use the AWS CLI or SDKs. Below is an example of how to enable enhanced monitoring using the AWS CLI:

aws rds modify-db-instance --db-instance-identifier <instance-identifier> --monitoring-interval <interval>

Replace <instance-identifier> with the identifier of your RDS DB instance and <interval> with the desired monitoring interval in seconds.

Note: Enhanced monitoring cannot be enabled or disabled on a running instance directly. To enable enhanced monitoring, you need to create a new instance with the desired monitoring configuration and then migrate your data to the new instance.

Step-by-Step Guide for Remediation

Follow these steps to enable enhanced monitoring for RDS DB instances and clusters in an AWS environment:

  1. Identify the RDS DB instance or cluster that needs enhanced monitoring enabled.

  2. Verify that the AWS region in which the DB instance or cluster is running supports enhanced monitoring. Refer to the AWS documentation for a list of supported regions.

  3. Ensure that the DB instance or cluster is running a supported database engine version. If it is using an older version, consider upgrading the database engine to a supported version.

  4. Check the IAM role associated with the DB instance or cluster. Ensure that the role has the necessary permissions to enable enhanced monitoring. The role should have the cloudwatch:PutMetricData action allowed in the IAM policy.

  5. Determine the desired monitoring interval for enhanced monitoring. The monitoring interval determines how frequently metrics are collected.

  6. Create a new RDS DB instance or cluster with the desired monitoring configuration. Use the AWS CLI, SDKs, or the AWS Management Console to configure the instance with the necessary monitoring options.

  7. Migrate your data to the new DB instance or cluster, if required. Be sure to follow best practices and take necessary precautions to avoid data loss or downtime during the migration process.

  8. Validate that enhanced monitoring is enabled for the new DB instance or cluster. Use the AWS Management Console, CLI, or APIs to check the monitoring configuration and verify that metrics are being collected.

  9. Update any relevant documentation or configuration management systems to reflect the changes made to enable enhanced monitoring.

  10. Monitor the enhanced metrics and use them to gain insights into the performance of your RDS DB instance or cluster. Leverage these metrics to troubleshoot any performance issues and optimize your database environment.

Conclusion

Enabling enhanced monitoring for RDS DB instances and clusters in accordance with the FedRAMP Moderate Revision 4 security requirements helps to improve visibility and performance management of your database environment. By following the steps outlined above, you can ensure that enhanced monitoring is configured correctly and gain actionable insights to optimize your RDS deployments.
