Ensure enhanced monitoring for Amazon RDS instances is enabled
When Enhanced Monitoring is enabled, Amazon RDS provides metrics in real time for the operating system (OS) that your DB instance runs on. You can view all the system metrics and process information for your RDS DB instances on the console. You can manage which metrics you want to monitor for each instance and customize the dashboard according to your requirements.
Risk Level: Low
Cloud Entity: Amazon RDS
CloudGuard Rule ID: D9.CFT.LOG.07
Covered by Spectral: Yes
Category: Database
GSL LOGIC
AWS_RDS_DBInstance should have (MonitoringInterval>0 and MonitoringRoleArn )
REMEDIATION
From CFT
- Set AWS::RDS::DBInstance::MonitoringInterval other than 0.
- Supply AWS::RDS::DBInstance::MonitoringRoleArn with the role ARN.
See below example;
Resources:
MyDB:
Type: 'AWS::RDS::DBInstance'
Properties:
...
MonitoringInterval: '60'
MonitoringRoleArn: 'arn:aws:iam::123456789012:role/rds-monitoring-role'
...
References
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-monitoringinterval
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-monitoringrolearn
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.Enabling.html.
Amazon RDS
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.
Compliance Frameworks
- AWS CloudFormation ruleset
Updated about 1 year ago