Rule: RDS DB Instance and Cluster Enhanced Monitoring Enabled

Ensure RDS DB instance and cluster enhanced monitoring is enabled to improve security and compliance.

Rule: RDS DB instance and cluster enhanced monitoring should be enabled
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

This rule requires the enabling of Enhanced Monitoring for Amazon RDS DB instances and clusters to comply with the security requirements outlined in NIST 800-53 Revision 5. Enhanced Monitoring provides additional insights into the performance and behavior of your RDS instances, allowing for better diagnostics, troubleshooting, and optimization.

Troubleshooting Steps (if applicable):

If you encounter any issues during the process of enabling Enhanced Monitoring for RDS DB instances and clusters, follow these troubleshooting steps:

  1. Check IAM permissions: Ensure that the IAM role associated with your RDS instance or cluster has the necessary permissions to access CloudWatch metrics and logs.

  2. Verify AWS CLI version: Make sure you are using the latest version of AWS Command Line Interface (CLI) to minimize compatibility issues.

  3. Check CloudWatch agent configuration: If you're using the CloudWatch agent to collect metrics and logs, double-check the configuration file for any errors or misconfigurations.

  4. Review CloudWatch Logs troubleshooting guide: If you encounter issues with log collection, consult the CloudWatch Logs troubleshooting guide provided by AWS for detailed steps to troubleshoot common problems.

Necessary Code (if applicable):

No specific code is required to enable Enhanced Monitoring for RDS DB instances and clusters, as it is a configuration setting through the AWS Management Console or CLI.

Remediation Steps:

To enable Enhanced Monitoring for RDS DB instances and clusters, follow these step-by-step instructions:

  1. Open the AWS Management Console and navigate to the Amazon RDS service.

  2. Select the desired DB instance or cluster that needs monitoring enabled.

  3. In the "Actions" dropdown menu, click on "Modify".

  4. On the "Modify DB Instance/Cluster" page, scroll down to the "Monitoring" section.

  5. Enable the "Enhanced Monitoring" option by selecting the appropriate monitoring role and desired granularity level.

  6. Click on "Continue" to proceed with the modification.

  7. Review the summary of the modifications and, if everything looks correct, click on "Modify DB Instance/Cluster" to apply the changes.

  8. Once the modification is completed, you can monitor the enhanced metrics and logs in Amazon CloudWatch.

Note: If you prefer to use the AWS CLI instead of the console, you can use the modify-db-instance or modify-db-cluster command along with the necessary parameters to enable Enhanced Monitoring.
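
The CLI route from the note above, as an added example (not code from this page or from AWS): it scans the JSON returned by describe-db-instances and describe-db-clusters for resources with Enhanced Monitoring off and builds the matching modify-db-instance or modify-db-cluster call using the --monitoring-interval and --monitoring-role-arn options. The sample data, role ARN and function names are constructed for illustration.

```python
import shlex

# Constructed sample shaped like the JSON printed by `aws rds describe-db-instances`
# and `aws rds describe-db-clusters` (identifiers and account ID are made up).
SAMPLE = {
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-db", "MonitoringInterval": 0},
        {"DBInstanceIdentifier": "billing-db", "MonitoringInterval": 60},
        {"DBInstanceIdentifier": "legacy-db"},  # field absent: treated as disabled
    ],
    "DBClusters": [{"DBClusterIdentifier": "analytics-cluster", "MonitoringInterval": 0}],
}
ROLE_ARN = "arn:aws:iam::111122223333:role/example-rds-monitoring"  # placeholder

# (response key, identifier field, CLI subcommand, CLI identifier flag)
KINDS = [
    ("DBInstances", "DBInstanceIdentifier", "modify-db-instance", "--db-instance-identifier"),
    ("DBClusters", "DBClusterIdentifier", "modify-db-cluster", "--db-cluster-identifier"),
]

def find_unmonitored(described):
    """List (subcommand, id_flag, identifier) for resources whose MonitoringInterval
    is 0 or missing, i.e. Enhanced Monitoring is off. Assumes clusters report the
    field the way instances do; otherwise check the cluster's member instances."""
    findings = []
    for key, id_field, subcommand, id_flag in KINDS:
        for resource in described.get(key, []):
            if not resource.get("MonitoringInterval"):
                findings.append((subcommand, id_flag, resource[id_field]))
    return findings

def remediation_commands(findings, role_arn, interval=60):
    """Build one AWS CLI call per finding that turns Enhanced Monitoring on."""
    if interval not in (1, 5, 10, 15, 30, 60):  # 0 would disable it again
        raise ValueError("interval must be 1, 5, 10, 15, 30 or 60 seconds")
    commands = []
    for subcommand, id_flag, identifier in findings:
        parts = ["aws", "rds", subcommand, id_flag, identifier,
                 "--monitoring-interval", str(interval),
                 "--monitoring-role-arn", role_arn]
        commands.append(" ".join(shlex.quote(p) for p in parts))
    return commands

if __name__ == "__main__":
    for command in remediation_commands(find_unmonitored(SAMPLE), ROLE_ARN):
        print(command)
```

Feed it the real describe output in place of SAMPLE and review the printed commands before running them.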

Conclusion:

Enabling Enhanced Monitoring for RDS DB instances and clusters ensures compliance with NIST 800-53 Revision 5 security requirements. By following the provided troubleshooting steps and remediation guide, you can successfully enable Enhanced Monitoring and gain valuable insights into the performance of your RDS resources.
