This rule ensures that RDS DB instance and cluster enhanced monitoring is enabled for improved security and monitoring.
Rule | RDS DB instance and cluster enhanced monitoring should be enabled |
Framework | NIST 800-53 Revision 5 |
Severity | High |
Title: Enable Enhanced Monitoring for RDS DB Instances and Clusters to Comply with NIST 800-53 Revision 5
Description: According to NIST 800-53 Revision 5, it is recommended to enable enhanced monitoring for RDS DB instances and clusters. Enhanced monitoring provides additional insights into the performance and resource utilization of your RDS environment. By enabling this feature, you can collect and analyze metrics that aid in troubleshooting, performance optimization, and capacity planning.
Troubleshooting Steps: The process of enabling enhanced monitoring for RDS DB instances and clusters is straightforward. However, if you encounter any issues during the configuration, please follow these troubleshooting steps:
Verify IAM Permissions: Ensure that the IAM role associated with your RDS DB instances and clusters has the necessary permissions to enable enhanced monitoring. If you encounter permission errors, adjust the IAM policies accordingly.
Check Compatibility: Confirm that the RDS DB engine and version you are using supports enhanced monitoring. Some older versions may not have this feature available. If so, consider upgrading your RDS engine to a compatible version.
Review Security Groups: Ensure that the necessary inbound and outbound rules are configured in the security groups associated with your RDS instances to allow communication with the enhanced monitoring service. Check for any misconfigured rules that might be blocking the required traffic.
Log and Error Analysis: If you are experiencing issues related to enabling enhanced monitoring, review the AWS CloudWatch Logs and error messages for further insights. These logs can provide detailed information about any failures or exceptions encountered during the process.
Contact AWS Support: If the above steps do not resolve the issue, reach out to AWS Support for further assistance. Provide them with the relevant error messages and any troubleshooting steps you have already taken.
Necessary Code: No specific code is required to enable enhanced monitoring for RDS DB instances and clusters. The configuration can be done entirely through the AWS Management Console or, if preferred, through AWS CLI commands.
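To audit which instances and clusters currently fail this rule, the following added example (not part of the original page or of any AWS tooling) evaluates JSON saved from `aws rds describe-db-instances --output json`. It assumes that a `MonitoringInterval` of 0 or a missing `MonitoringRoleArn` means enhanced monitoring is off, and that a cluster fails if any member instance fails; the sample data and all identifiers in it are constructed.

```python
import json

# Constructed sample in the shape of `aws rds describe-db-instances --output json`.
# Identifiers, account ID and role name are made up for illustration.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "Engine": "postgres",
   "MonitoringInterval": 60,
   "MonitoringRoleArn": "arn:aws:iam::111122223333:role/example-rds-monitoring"},
  {"DBInstanceIdentifier": "legacy-db", "Engine": "mysql", "MonitoringInterval": 0},
  {"DBInstanceIdentifier": "aurora-1", "Engine": "aurora-mysql",
   "DBClusterIdentifier": "aurora-prod", "MonitoringInterval": 15,
   "MonitoringRoleArn": "arn:aws:iam::111122223333:role/example-rds-monitoring"},
  {"DBInstanceIdentifier": "aurora-2", "Engine": "aurora-mysql",
   "DBClusterIdentifier": "aurora-prod"}
]}
""")


def instance_findings(response):
    """Map each DB instance to 'ok' or 'alarm'; a missing or 0 interval means disabled."""
    findings = {}
    for db in response.get("DBInstances", []):
        interval = db.get("MonitoringInterval") or 0
        has_role = bool(db.get("MonitoringRoleArn"))
        findings[db["DBInstanceIdentifier"]] = "ok" if interval > 0 and has_role else "alarm"
    return findings


def cluster_findings(response):
    """A cluster is 'alarm' if any member instance is; standalone instances are skipped."""
    per_instance = instance_findings(response)
    clusters = {}
    for db in response.get("DBInstances", []):
        cluster = db.get("DBClusterIdentifier")
        if cluster is None:
            continue
        if per_instance[db["DBInstanceIdentifier"]] == "alarm":
            clusters[cluster] = "alarm"
        else:
            clusters.setdefault(cluster, "ok")
    return clusters


if __name__ == "__main__":
    for kind, result in (("instance", instance_findings(SAMPLE)),
                         ("cluster", cluster_findings(SAMPLE))):
        for name, status in sorted(result.items()):
            print(f"{status:5} {kind:8} {name}")
```

To run it against a real account, replace `SAMPLE` with the parsed contents of a saved `describe-db-instances` response.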
Step-by-Step Guide to Enable Enhanced Monitoring using AWS Management Console:
Please note that it can take a few minutes for the enhanced monitoring data to start populating in the CloudWatch console.
Conclusion: By following the above steps, you can easily enable enhanced monitoring for your RDS DB instances and clusters, ensuring compliance with NIST 800-53 Revision 5. This feature provides valuable insights for monitoring and managing your RDS environment's performance and resource utilization.