Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
RDSs can be upgraded with major and minor upgrades. Minor upgrades help maintain a secure and stable RDS with minimal impact on the application. It is recommended that automatic minor upgrades are enabled.
Risk Level: Low
Cloud Entity: Amazon RDS
CloudGuard Rule ID: D9.AWS.OPE.08
Covered by Spectral: Yes
Category: Database
GSL LOGIC
RDS should have autoMinorVersionUpgrade=true
REMEDIATION
From Portal
- Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.
- In the upper-right corner of the Amazon RDS console, choose the AWS Region in which you want to create the DB instance.
- In the navigation pane, choose Databases.
- Choose Create database.
- In Choose a database creation method, select Standard Create.
- Set the other options as per your requirement
- Under the Maintenance section, select Yes for Auto minor version upgrade.
- Choose Create database
From TF
resource "aws_db_instance" "test" {
allocated_storage = 20
storage_type = "gp2"
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t2.micro"
name = "mydb"
username = "foo"
password = "foobarbaz"
iam_database_authentication_enabled = true
storage_encrypted = true
ca_cert_identifier = "rds-ca-2019"
+ auto_minor_version_upgrade = true #to enable auto Minor Version Upgrade feature
}
From Command Line
To enable automatic minor upgrades, run:
aws rds create-db-instance --engine ENGINE --db-instance-identifier DB_IDENTIFIER --allocated-storage SIZE --db-instance-class DB_INSTANCE_CLASS --vpc-security-group-ids SECURITY_GROUP_ID --db-subnet-group SUBNET_GROUP --master-username USER --master-user-password PWD -backup-retention-period DAYS --auto-minor-version-upgrade
References
- https://docs.aws.amazon.com/config/latest/developerguide/rds-automatic-minor-version-upgrade-enabled.html
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html
- https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-instance.html
Amazon RDS
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.
Compliance Frameworks
- AWS CIS Foundations v. 1.5.0
- AWS CIS Foundations v. 2.0.0
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS CloudGuard Well Architected Framework
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ISO27001:2022
- AWS ITSG-33
- AWS MAS TRM Framework
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- CloudGuard AWS All Rules Ruleset
Updated over 1 year ago