Rule: RDS DB Instance and Cluster Enhanced Monitoring Enabled

This rule ensures that RDS DB instance and cluster enhanced monitoring is enabled to enhance security.

Rule: RDS DB instance and cluster enhanced monitoring should be enabled

Framework: Federal Financial Institutions Examination Council (FFIEC)

Severity: High

Rule Description:

The Federal Financial Institutions Examination Council (FFIEC) mandates that RDS DB instance and cluster enhanced monitoring be enabled for financial institutions operating within its jurisdiction. This rule ensures that the essential monitoring capabilities are in place to maintain the security, performance, and reliability of the database instances and clusters.

Enabling enhanced monitoring provides additional real-time monitoring metrics and diagnostic data, which are crucial for identifying and resolving any potential issues that may impact the database's availability and performance.

Troubleshooting Steps (if applicable):

In case you encounter any issues while enabling enhanced monitoring for RDS DB instances and clusters, follow these troubleshooting steps:

  1. Confirm AWS account permissions: Ensure that the IAM user or role used to enable enhanced monitoring has the necessary AWS permissions to modify RDS settings. Check the permission policies associated with the IAM entity and make sure it has the required access.

  2. Verify RDS instance compatibility: Enhanced monitoring might not be available for all RDS instance types. Ensure that the instance type you are using is compatible with enhanced monitoring. Refer to the AWS documentation for the list of supported instance types.

  3. Check for pending modifications: If you recently modified your RDS instance or cluster, there might be pending changes that need to be applied before enabling enhanced monitoring. Check the RDS console for any pending modifications and apply them if necessary.

  4. Review AWS region availability: Enhanced monitoring might not be available in all AWS regions. Verify that the region you are operating in supports enhanced monitoring. Refer to the AWS documentation for the availability of enhanced monitoring in different regions.

  5. Restart the RDS instance or cluster: In some cases, a simple restart of the RDS instance or cluster can resolve issues with enabling enhanced monitoring. Try restarting the instance or cluster and retry the enablement process.

  6. Contact AWS Support: If the above troubleshooting steps do not resolve the issue, reach out to AWS Support for further assistance. Provide them with detailed information about the problem you are facing and steps you have taken so far.

Necessary Codes (if applicable):

There are no specific codes directly related to enabling enhanced monitoring for RDS DB instances and clusters. The process can be accomplished through the AWS Management Console, AWS CLI, or AWS SDKs using respective APIs.

Step-by-Step Guide for Remediation:

Follow these steps to enable enhanced monitoring for RDS DB instances and clusters:

  1. Log in to the AWS Management Console (https://console.aws.amazon.com/).

  2. Navigate to the Amazon RDS service.

  3. Select the region where your RDS DB instances or clusters are located.

  4. Click on "Databases" for DB instances or "Clusters" for clusters from the left-hand menu.

  5. Choose the specific RDS DB instance or cluster for which you want to enable enhanced monitoring.

  6. Click on "Modify" to modify the instance or cluster settings.

  7. In the "Modify DB instance" or "Modify cluster" page, scroll down to the "Enhanced monitoring" section.

  8. Set the "Monitoring interval" to the desired value (minimum is 1 second).

  9. Enable the "Enable enhanced monitoring" option.

  10. Click "Continue" or "Modify cluster" to proceed with the modification.

  11. Review the summary of changes and click "Apply immediately" to apply the modifications.

  12. Wait for the modification to complete. This may take a few minutes.

  13. Once the modification is completed, enhanced monitoring will be enabled for the RDS DB instance or cluster.

  14. You can now access the enhanced monitoring metrics and diagnostic data through Amazon CloudWatch.

Ensure you regularly monitor the enhanced metrics to identify any potential issues and take necessary actions to maintain the performance and availability of your RDS DB instances or clusters.

Note: It is recommended to repeat these steps for all RDS DB instances and clusters within the FFIEC jurisdiction to ensure compliance.
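To find which DB instances still need the steps above, the following added example (not part of the original page or any vendor tooling) audits the JSON produced by `aws rds describe-db-instances --output json`. It covers DB instances only; the sample response, instance names, account ID and role ARN are constructed placeholders, and the function name is hypothetical.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances --output json`.
# Identifiers, account ID and role ARN are made-up placeholders.
SAMPLE_RESPONSE = json.loads("""
{
  "DBInstances": [
    {"DBInstanceIdentifier": "payments-primary", "DBInstanceStatus": "available",
     "MonitoringInterval": 60,
     "MonitoringRoleArn": "arn:aws:iam::111122223333:role/example-rds-monitoring"},
    {"DBInstanceIdentifier": "ledger-replica", "DBInstanceStatus": "available",
     "MonitoringInterval": 0},
    {"DBInstanceIdentifier": "reporting-db", "DBInstanceStatus": "modifying"},
    {"DBInstanceIdentifier": "audit-db", "DBInstanceStatus": "available",
     "MonitoringInterval": 30}
  ]
}
""")

VALID_INTERVALS = {1, 5, 10, 15, 30, 60}  # seconds; 0 means monitoring is off


def audit_enhanced_monitoring(response):
    """Return (instance_id, reason) tuples for instances that fail the rule."""
    findings = []
    for db in response.get("DBInstances", []):
        name = db.get("DBInstanceIdentifier", "<unknown>")
        interval = db.get("MonitoringInterval", 0)
        if interval == 0:
            reason = "enhanced monitoring disabled (MonitoringInterval is 0 or absent)"
        elif interval not in VALID_INTERVALS:
            reason = f"unexpected MonitoringInterval {interval}"
        elif not db.get("MonitoringRoleArn"):
            # RDS requires a monitoring role whenever the interval is non-zero.
            reason = "interval set but no MonitoringRoleArn in the record"
        else:
            continue  # compliant
        status = db.get("DBInstanceStatus")
        if status != "available":
            reason += f"; status is {status}, recheck once the instance settles"
        findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in audit_enhanced_monitoring(SAMPLE_RESPONSE):
        print(f"FAIL {name}: {reason}")
```

To audit a real account, load the CLI output with `json.load` and pass it to the function, once per region. A flagged instance can be remediated from the CLI with `aws rds modify-db-instance --db-instance-identifier <id> --monitoring-interval 60 --monitoring-role-arn <role-arn> --apply-immediately`.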
