Enable Rule for RDS DB Instance Automatic Minor Version Upgrade
This rule ensures the automatic minor version upgrade feature is enabled for RDS DB instances.
| Rule | RDS DB instance automatic minor version upgrade should be enabled |
| Framework | Federal Financial Institutions Examination Council (FFIEC) |
| Severity | ✔ High |
Rule Description
The rule states that the automatic minor version upgrade feature should be enabled for the RDS DB instance used by the Federal Financial Institutions Examination Council (FFIEC). This ensures that the RDS DB instance stays up-to-date with the latest minor version releases, which often include important security patches, bug fixes, and performance improvements.
Troubleshooting Steps
If the automatic minor version upgrade is not enabled for the RDS DB instance, the following troubleshooting steps can be taken:
- 1.Verify the current setting: Check if the automatic minor version upgrade feature is already enabled for the RDS DB instance.
- 2.Validate FFIEC requirement: Ensure that the RDS DB instance is indeed being used by the Federal Financial Institutions Examination Council (FFIEC) and that it falls under the scope of the policy.
- 3.Review potential conflicts: Check if there are any incompatible features or configurations in the RDS DB instance that might prevent the automatic minor version upgrade from happening.
- 4.Check for errors or notifications: Look for any error messages or notifications related to the automatic minor version upgrade in the RDS DB instance console or event logs.
Necessary Codes
In this case, enabling the automatic minor version upgrade is a configuration setting in the RDS console or through the AWS Command Line Interface (CLI). No specific code implementation is required for this rule.
However, if you prefer to use AWS CLI for automating the configuration, the following command can be used:
aws rds modify-db-instance \ --db-instance-identifier <db-instance-identifier> \ --auto-minor-version-upgrade \ --apply-immediately
Replace
<db-instance-identifier>Step-by-Step Guide for Remediation
- 1.Open the AWS Management Console and navigate to the Amazon RDS service.
- 2.Select the appropriate region from the top-right corner where your RDS DB instance is located.
- 3.In the navigation panel on the left, click on "Databases" to view the list of available RDS DB instances.
- 4.Locate the DB instance used by the Federal Financial Institutions Examination Council (FFIEC) and click on its identifier.
- 5.On the "Summary" page of the RDS DB instance, scroll down and find the "Automatic minor version upgrade" section.
- 6.If the toggle switch is already enabled, the setting is compliant with the rule. No further action is required.
- 7.If the toggle switch is disabled, click on the "Modify" button at the top.
- 8.In the "Modify DB Instance" form, scroll down to the "Other modifications" section.
- 9.Enable the "Enable auto minor version upgrade" checkbox.
- 10.Scroll to the bottom of the page and click on the "Continue" button.
- 11.Review the summary of modifications and click on the "Modify DB Instance" button to apply the changes.
- 12.Wait for the modification process to complete. This may take a few minutes.
- 13.Once the modification is successful, the RDS DB instance will be automatically upgraded to the latest minor version during the next maintenance window.
By following these steps, you can ensure that the automatic minor version upgrade is enabled for the RDS DB instance used by the Federal Financial Institutions Examination Council (FFIEC).