This rule ensures that enhanced monitoring is enabled for RDS DB instances and clusters to enhance system and information integrity.
Rule | RDS DB instance and cluster enhanced monitoring should be enabled |
Framework | NIST 800-53 Revision 5 |
Severity | ✔ High |
Rule Description
Enabling RDS DB instance and cluster enhanced monitoring for NIST 800-53 Revision 5 compliance helps ensure the security and performance of your AWS RDS (Relational Database Service) instances. Enhanced monitoring provides detailed insights into performance metrics, such as CPU utilization, memory usage, and disk I/O, which can aid in troubleshooting and optimizing database performance.
By adhering to the NIST 800-53 Revision 5 standard, which outlines security and privacy controls for federal information systems, you can ensure that your RDS instances meet the necessary requirements for data protection, access control, and monitoring.
Troubleshooting Steps
If you encounter any issues while enabling RDS DB instance and cluster enhanced monitoring, follow the troubleshooting steps below:
Verify IAM Permissions: Ensure that the IAM role associated with your RDS instances has the necessary permissions to enable enhanced monitoring. The role should have the "AmazonRDSEnhancedMonitoringRole" policy attached.
Check Supported Database Engines: Enhanced monitoring is supported on certain RDS database engines only. Make sure the database engine you are using is compatible with enhanced monitoring. Refer to the official AWS documentation for the list of supported engines.
Check Enhanced Monitoring Compatibility: Check if your RDS instances are running a compatible version of the database engine. Some older versions may not support enhanced monitoring, so upgrading to a supported version may be necessary.
Verify RDS Instance Type: Enhanced monitoring is available for certain instance types only. Ensure that your RDS instance is using a supported instance type.
Enable Enhanced Monitoring Through AWS CLI: If you are still unable to enable enhanced monitoring through the AWS Management Console, try using the AWS Command Line Interface (CLI) to enable it. The CLI command for enabling enhanced monitoring is:
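aws rds modify-db-instance --db-instance-identifier <your-db-instance-identifier> --monitoring-interval <interval-in-seconds> --monitoring-role-arn <monitoring-role-arn> --apply-immediately
Replace <your-db-instance-identifier> with the identifier of your RDS instance, <interval-in-seconds> with the desired monitoring interval in seconds (e.g., 60 for a 1-minute interval), and <monitoring-role-arn> with the ARN of the IAM role that has the "AmazonRDSEnhancedMonitoringRole" policy attached. A role ARN must be supplied whenever the monitoring interval is set to a value other than 0.
Remediation Steps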
To enable RDS DB instance and cluster enhanced monitoring for NIST 800-53 Revision 5 compliance, follow the step-by-step guide below:
Sign in to the AWS Management Console.
Open the Amazon RDS console.
Select the appropriate region.
From the navigation menu, click on "Databases".
Find the RDS database instance for which you want to enable enhanced monitoring and click on its identifier.
Click on the "Modify" button.
Scroll down to the "Monitoring" section.
Check the box for "Enable Enhanced Monitoring".
Choose the desired monitoring interval from the dropdown list.
Click on "Continue".
Review the modifications and click on "Modify DB Instance" to apply the changes.
Wait for the modification to complete. This may take a few minutes.
Once the modification is complete, enhanced monitoring will be enabled for the selected RDS database instance.
Repeat the above steps for other RDS instances if necessary.
By following these steps, you will enable RDS DB instance and cluster enhanced monitoring, ensuring compliance with NIST 800-53 Revision 5 requirements.
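To find which instances still need the remediation above, the following added example (not part of the original rule page) reads output shaped like `aws rds describe-db-instances`, flags instances whose `MonitoringInterval` is 0 or absent, and builds the matching `modify-db-instance` command. The sample data, account ID, role name and function names are constructed for illustration, and the example covers DB instances only.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` output.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "Engine": "postgres",
   "MonitoringInterval": 60,
   "MonitoringRoleArn": "arn:aws:iam::111122223333:role/rds-monitoring-role"},
  {"DBInstanceIdentifier": "legacy-db", "Engine": "mysql",
   "MonitoringInterval": 0},
  {"DBInstanceIdentifier": "reports-db", "Engine": "mariadb"}
]}
""")

# Intervals (seconds) accepted by --monitoring-interval; 0 means disabled.
VALID_INTERVALS = {1, 5, 10, 15, 30, 60}


def find_noncompliant(described):
    """Return identifiers of instances with enhanced monitoring disabled."""
    failing = []
    for db in described.get("DBInstances", []):
        # A missing or null field is treated the same as 0 (disabled).
        interval = db.get("MonitoringInterval") or 0
        if interval not in VALID_INTERVALS:
            failing.append(db["DBInstanceIdentifier"])
    return failing


def remediation_command(instance_id, role_arn, interval=60):
    """Build a shell-quoted modify-db-instance command for one instance."""
    if interval not in VALID_INTERVALS:
        raise ValueError(f"unsupported monitoring interval: {interval}")
    argv = ["aws", "rds", "modify-db-instance",
            "--db-instance-identifier", instance_id,
            "--monitoring-interval", str(interval),
            "--monitoring-role-arn", role_arn,
            "--apply-immediately"]
    return shlex.join(argv)


if __name__ == "__main__":
    # Placeholder role ARN; substitute the monitoring role in your account.
    role = "arn:aws:iam::111122223333:role/rds-monitoring-role"
    for name in find_noncompliant(SAMPLE):
        print(remediation_command(name, role))
```

In a live account, replace `SAMPLE` with the parsed JSON output of `aws rds describe-db-instances` for each region you operate in.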