Rule: RDS DB Instance and Cluster Enhanced Monitoring Should be Enabled

This rule ensures that RDS DB instances and clusters have enhanced monitoring enabled.

Rule: RDS DB instance and cluster enhanced monitoring should be enabled
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description: Enable RDS DB instance and cluster enhanced monitoring for NIST 800-53 Revision 5 compliance.

Rule Details:

RDS (Relational Database Service) is a managed database service provided by AWS (Amazon Web Services). To comply with NIST 800-53 Revision 5 security controls, it is recommended to enable enhanced monitoring for RDS DB instances and clusters. This feature provides more granular visibility into the performance and health of your RDS resources.

Troubleshooting Steps:

There are no specific troubleshooting steps for enabling RDS DB instance and cluster enhanced monitoring. However, if you encounter any issues during the process, follow the steps below to resolve them:

  1. Verify IAM Permissions: Ensure that you have appropriate IAM (Identity and Access Management) permissions to enable enhanced monitoring for RDS DB instances and clusters. Check if your IAM user or role has the required permissions to modify RDS resources.

  2. Check RDS Engine Compatibility: Confirm that the RDS DB engine you are using is compatible with enhanced monitoring. Not all RDS engine versions support this feature. Refer to AWS documentation to determine the compatibility of your RDS engine.

  3. Check RDS Instance/Cluster Status: Ensure that your RDS DB instance or cluster is in an available state. Enhanced monitoring cannot be enabled if the resource is in a state other than available.

  4. Review RDS Logs: If you encounter any errors or issues during the process, review the RDS logs for the respective resource. RDS logs provide detailed information about events, errors, and diagnostic data related to your RDS resources.

Necessary Codes:

No specific codes are required for enabling RDS DB instance and cluster enhanced monitoring. This process can be performed using the AWS Management Console, AWS CLI (Command Line Interface), or SDKs (Software Development Kits).

Step-by-Step Guide:

Option 1: Enable Enhanced Monitoring via AWS Management Console:

  1. Sign in to the AWS Management Console.
  2. Open the Amazon RDS console at https://console.aws.amazon.com/rds/.
  3. Select the appropriate region where your RDS DB instance or cluster is located.
  4. In the navigation pane, choose "Databases" for RDS instances or "Clusters" for RDS clusters.
  5. Select the target DB instance or cluster.
  6. Click on "Actions" and choose "Modify".
  7. Scroll down to the "Monitoring and Performance Insights" section.
  8. Under "Enhanced monitoring", select "Enabled" and adjust the desired settings.
  9. Click on "Continue" and review the modifications.
  10. After verifying the changes, click on "Modify DB Instance/Cluster" to apply the enhanced monitoring configuration.

Option 2: Enable Enhanced Monitoring via AWS CLI:

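  1. Install and configure AWS CLI, if not already set up.
  2. Open a terminal or command prompt.
  3. Run the following command to enable enhanced monitoring for an RDS DB instance:

    aws rds modify-db-instance --db-instance-identifier [DB_INSTANCE_IDENTIFIER] --monitoring-interval 60 --monitoring-role-arn [MONITORING_ROLE_ARN] --apply-immediately

    Replace [DB_INSTANCE_IDENTIFIER] with the actual identifier of your RDS DB instance and [MONITORING_ROLE_ARN] with the ARN of the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. The --monitoring-interval value is the collection interval in seconds (1, 5, 10, 15, 30 or 60); a value of 0 disables enhanced monitoring.
  4. Alternatively, use the following command to enable enhanced monitoring for an RDS cluster:

    aws rds modify-db-cluster --db-cluster-identifier [DB_CLUSTER_IDENTIFIER] --monitoring-interval 60 --monitoring-role-arn [MONITORING_ROLE_ARN]

    Replace [DB_CLUSTER_IDENTIFIER] with the actual identifier of your RDS cluster and [MONITORING_ROLE_ARN] with the ARN of the monitoring role.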

Option 3: Enable Enhanced Monitoring via AWS SDKs:

  1. Choose the appropriate SDK for your preferred programming language and install it.
  2. Include the necessary SDK libraries in your code.
  3. Use the SDK methods to modify the RDS DB instance or cluster configuration and enable enhanced monitoring. Refer to the SDK documentation and examples for the specific language to implement the changes.
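
To find which instances still fail this rule before modifying anything, the following added example (not CloudDefense or AWS code) evaluates saved output from aws rds describe-db-instances and builds the remediation command for each failing instance. The sample JSON, the function names and the [MONITORING_ROLE_ARN] placeholder are assumptions made for the example; it covers DB instances only.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output (all values made up).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "Engine": "postgres",
   "DBInstanceStatus": "available", "MonitoringInterval": 60,
   "MonitoringRoleArn": "arn:aws:iam::111122223333:role/example-rds-monitoring"},
  {"DBInstanceIdentifier": "legacy-db", "Engine": "mysql",
   "DBInstanceStatus": "available", "MonitoringInterval": 0},
  {"DBInstanceIdentifier": "reports-db", "Engine": "mariadb",
   "DBInstanceStatus": "modifying"}
]}
""")

ROLE_PLACEHOLDER = "[MONITORING_ROLE_ARN]"  # assumption: supply your own role ARN


def evaluate(instances):
    """Return one finding per instance; compliant only if the interval is > 0."""
    findings = []
    for db in instances:
        interval = db.get("MonitoringInterval") or 0  # missing key counts as disabled
        compliant = interval > 0
        findings.append({
            "id": db["DBInstanceIdentifier"],
            "compliant": compliant,
            "interval": interval,
            # The page notes the resource must be "available" to be modified.
            "can_remediate_now": (not compliant)
            and db.get("DBInstanceStatus") == "available",
        })
    return findings


def remediation_args(finding, interval=60):
    """Argument list for `aws rds modify-db-instance` for a failing finding."""
    return ["aws", "rds", "modify-db-instance",
            "--db-instance-identifier", finding["id"],
            "--monitoring-interval", str(interval),
            "--monitoring-role-arn", ROLE_PLACEHOLDER,
            "--apply-immediately"]


if __name__ == "__main__":
    for f in evaluate(SAMPLE["DBInstances"]):
        state = "PASS" if f["compliant"] else "FAIL"
        print(f"{state} {f['id']} interval={f['interval']}s")
        if f["can_remediate_now"]:
            print("  fix:", " ".join(remediation_args(f)))
```

An instance that fails but is not in the available state is reported without a fix command, matching the status check in the troubleshooting steps.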

Conclusion:

Enabling enhanced monitoring for RDS DB instances and clusters is crucial for achieving NIST 800-53 Revision 5 compliance. By following the provided steps, you can ensure that your RDS resources are monitored accurately, enhancing their performance and security.
