This rule ensures that the RDS DB instance automatic minor version upgrade is enabled.
Rule: RDS DB instance automatic minor version upgrade should be enabled
Framework: RBI Cyber Security Framework
Severity: High
Rule Description
Enabling automatic minor version upgrades for RDS (Relational Database Service) DB instances is a required security measure according to the RBI (Reserve Bank of India) Cyber Security Framework. This rule ensures that your RDS instances are kept up to date with the latest patches and improvements, reducing the risk of security vulnerabilities and ensuring the stability and performance of your databases.
Automatic minor version upgrades allow AWS to automatically apply new database engine version updates to your RDS instances for both the database software and the underlying operating system. By enabling this feature, you ensure that your RDS instances are always running on the latest stable versions, benefiting from bug fixes, security enhancements, and new features.
Troubleshooting Steps
In case you encounter any issues while enabling or managing automatic minor version upgrades for RDS instances, please follow these troubleshooting steps:
Check RDS Instance Compatibility: Ensure that the selected RDS instance is eligible for automatic minor version upgrades. Some DB instance classes might have limitations or constraints that prevent upgrades. Consult the AWS documentation to verify the compatibility for your chosen instance type.
Verify Administrative Privileges: Make sure you have sufficient administrative privileges to modify the RDS instance settings. You need to be an AWS Identity and Access Management (IAM) user with the necessary permissions to enable automatic minor version upgrades.
Ensure Proper Connectivity: Validate that the RDS instance can communicate with the necessary AWS services, such as the Systems Manager Parameter Store and AWS Secrets Manager, to retrieve and update the required information during the upgrade process.
Check Maintenance Window: If you have a specific maintenance window configured for your RDS instance, verify that it doesn't conflict with the automatic minor version upgrade schedule. Adjust the maintenance window if necessary to prevent disruptions during upgrades.
Review Database Engine Version: Ensure that the RDS instance is running a compatible database engine version for automatic minor version upgrades. Not all engine versions can receive automatic upgrades, so refer to the AWS documentation to confirm the supported versions.
Monitor Event Notifications: Set up event notifications for the RDS instance to receive automatic upgrade-related messages. These notifications can help identify any issues encountered during the upgrade process and provide insights for further troubleshooting.
Configuration Steps
To enable automatic minor version upgrades for an RDS DB instance, follow these step-by-step instructions:
1. Open the Amazon RDS Management Console.
2. Navigate to the "Databases" section and select the desired DB instance.
3. Click on the "Modify" button to modify the instance settings.
4. In the "Modify DB Instance" page, scroll down to the "Maintenance & backups" section.
5. Locate the "Automated minor version upgrade" option and select the checkbox to enable automatic upgrades.
6. Optionally, configure the preferred maintenance window for your RDS instance to control when upgrades are applied. This setting allows you to define a specific time frame during which upgrades can occur.
7. Review the other settings on the page, such as storage, network, and security groups, if necessary. Modify any other desired settings before proceeding.
8. Click the "Continue" button to review the summary of changes.
9. Verify the modifications and click the "Modify DB Instance" button to apply the changes.
10. Wait for the modification process to complete. You can monitor the progress in the RDS console or by enabling event notifications for DB instance events.
Once the modification is completed, your RDS DB instance will be configured to receive automatic minor version upgrades. AWS will automatically apply any eligible updates during the maintenance window (if configured) or during the next available window.
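The same check and change can be scripted across every instance in a region instead of one console session per database. The following is an added example, not part of the original rule text: it assumes the boto3 SDK and credentials allowed to call DescribeDBInstances and ModifyDBInstance, and the instance names in the sample data are constructed.

```python
import json

# Constructed sample in the shape returned by `aws rds describe-db-instances`.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "app-db", "DBInstanceStatus": "available",
   "Engine": "postgres", "AutoMinorVersionUpgrade": true},
  {"DBInstanceIdentifier": "orders-db", "DBInstanceStatus": "available",
   "Engine": "mysql", "AutoMinorVersionUpgrade": false},
  {"DBInstanceIdentifier": "reports-db", "DBInstanceStatus": "modifying",
   "Engine": "mysql", "AutoMinorVersionUpgrade": false}
]}
""")["DBInstances"]


def list_instances(rds):
    """Return every DB instance in the client's region, following pagination."""
    pages = rds.get_paginator("describe_db_instances").paginate()
    return [inst for page in pages for inst in page["DBInstances"]]


def non_compliant(instances):
    """Instances that fail the rule: AutoMinorVersionUpgrade is not true."""
    return [i for i in instances if i.get("AutoMinorVersionUpgrade") is not True]


def remediate(rds, instances, dry_run=True):
    """Enable the setting on failing instances; return the identifiers handled."""
    handled = []
    for inst in non_compliant(instances):
        if inst.get("DBInstanceStatus") != "available":
            continue  # assumption: leave instances that are mid-change for a later run
        if not dry_run:
            rds.modify_db_instance(
                DBInstanceIdentifier=inst["DBInstanceIdentifier"],
                AutoMinorVersionUpgrade=True,
            )
        handled.append(inst["DBInstanceIdentifier"])
    return handled


if __name__ == "__main__":
    import boto3  # imported here so the checks above run without the SDK
    found = list_instances(boto3.client("rds"))
    for inst in non_compliant(found):
        print("FAIL", inst["DBInstanceIdentifier"], inst.get("Engine"))
    print("would enable on:", remediate(None, found, dry_run=True))
```

Run it once per region in scope; `remediate` only calls the API when `dry_run=False` is passed with a real client.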
Additional Information
It is recommended to regularly monitor the automated upgrade process and test your applications against new versions to ensure compatibility and functionality.
AWS performs automatic minor version upgrades during a maintenance window for each region, aiming to minimize the impact on your database's availability. However, it's recommended to perform your own testing to ensure that the upgrades do not introduce unexpected issues.
For situations where you require more control over the upgrade process or need to test updates before applying them to production databases, you can opt for manual upgrades by disabling the automatic minor version upgrade feature.