Enhanced Monitoring Should Be Enabled For RDS Instances
More Info:
Checks if enhanced monitoring is enabled for Amazon RDS instances. This rule is NON_COMPLIANT if ‘monitoringInterval’ is ‘0’ in the configuration item of the RDS instance, or if ‘monitoringInterval’ does not match the rule parameter value.
Risk Level
Medium
Addresses
Monitoring
Compliance Standards
CBP, SEBI, RBI_MD_ITF
Triage and Remediation
Remediation
To remediate the misconfiguration of not having Enhanced Monitoring enabled for RDS instances in AWS using the AWS Management Console, follow these steps:
- Log in to the AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and sign in with your credentials.
- Navigate to the RDS service: Open the "Services" menu in the top left corner of the console and select "RDS" under the "Database" category.
- Select the RDS instance: In the navigation pane on the left choose "Databases", then select the DB instance that the check flagged.
- Modify the instance: Click "Modify" at the top of the instance page to open the Modify DB instance form.
- Enable Enhanced Monitoring: Scroll to the "Monitoring" section (under "Additional configuration" on newer console layouts) and turn on "Enable Enhanced monitoring". Choose a "Monitoring Role" (an IAM role that trusts monitoring.rds.amazonaws.com and carries the AmazonRDSEnhancedMonitoringRole managed policy; the console can create a default one for you) and a "Granularity" of 1, 5, 10, 15, 30 or 60 seconds. There are no "Basic" or "Enhanced" levels to pick from, and Performance Insights is a separate feature that does not satisfy this check. If the Config rule is deployed with a monitoringInterval parameter, the granularity you choose must match it.
- Save changes: Scroll to the bottom of the page and click "Continue". Review the summary of modifications, choose whether to apply them immediately or during the next scheduled maintenance window, and then click "Modify DB instance".
- Monitor status: The instance status changes to "modifying". Wait in the RDS console until it returns to "available".
- Verify Enhanced Monitoring: Open the instance again. The "Configuration" tab should now report Enhanced monitoring as enabled with the chosen granularity, and the "Monitoring" tab should offer the "Enhanced monitoring" view with OS-level metrics (CPU, memory, file system and disk I/O).
By following these steps, you will successfully remediate the misconfiguration of not having Enhanced Monitoring enabled for RDS instances in AWS using the AWS Management Console.
To remediate the misconfiguration of not having Enhanced Monitoring enabled for RDS instances in AWS using the AWS CLI, you can follow these steps:
Step 1: List the RDS instances in your AWS account together with their current monitoring interval (0 means Enhanced Monitoring is disabled):
aws rds describe-db-instances --query 'DBInstances[].[DBInstanceIdentifier,MonitoringInterval,MonitoringRoleArn]' --output table
Step 2: Identify the RDS instance for which you want to enable Enhanced Monitoring (any row whose interval is 0, or whose interval differs from the value your Config rule expects).
Step 3: Enable Enhanced Monitoring for the identified RDS instance. The API requires a monitoring role whenever the interval is set above 0, so pass the role ARN as well:
aws rds modify-db-instance --db-instance-identifier YOUR_DB_INSTANCE_IDENTIFIER --monitoring-interval 1 --monitoring-role-arn arn:aws:iam::YOUR_ACCOUNT_ID:role/YOUR_MONITORING_ROLE --apply-immediately
Replace YOUR_DB_INSTANCE_IDENTIFIER with the actual identifier of your RDS instance, and the role ARN with an IAM role that trusts monitoring.rds.amazonaws.com and has the AmazonRDSEnhancedMonitoringRole managed policy attached. Valid values for --monitoring-interval are 1, 5, 10, 15, 30 and 60 seconds; 1 second gives the finest granularity but produces the most CloudWatch Logs data, so pick the value your rule parameter and budget call for.
Step 4: Verify that Enhanced Monitoring is enabled for the RDS instance:
aws rds describe-db-instances --db-instance-identifier YOUR_DB_INSTANCE_IDENTIFIER --query 'DBInstances[0].[MonitoringInterval,MonitoringRoleArn,DBInstanceStatus]'
After following these steps, Enhanced Monitoring should be successfully enabled for the specified RDS instance in AWS using the AWS CLI. If the interval still reads 0, the change is pending; check PendingModifiedValues in the same output and wait for the instance status to return to "available".
To remediate the misconfiguration of not having Enhanced Monitoring enabled for AWS RDS instances using Python, you can use the AWS SDK for Python (Boto3) to enable Enhanced Monitoring. Here are the step-by-step instructions to remediate this issue:
- Install Boto3: If you haven't already installed the Boto3 library, you can do so using pip:
pip install boto3
- Configure AWS credentials: Ensure that you have configured your AWS credentials either by setting environment variables or by running the AWS CLI command:
aws configure
- Write a Python script: Create a Python script with the following code to enable Enhanced Monitoring for your RDS instance. Note that modify_db_instance has no EnableEnhancedMonitoring parameter (passing one raises a ParamValidationError); the feature is turned on by setting a non-zero MonitoringInterval together with a MonitoringRoleArn:
import boto3
from botocore.exceptions import ClientError

# Initialize the RDS client
rds_client = boto3.client('rds')

# Specify the RDS instance identifier for which you want to enable Enhanced Monitoring
instance_identifier = 'your_rds_instance_identifier'

# IAM role that RDS assumes to publish OS metrics to CloudWatch Logs.
# It must trust monitoring.rds.amazonaws.com and have the managed policy
# AmazonRDSEnhancedMonitoringRole attached.
monitoring_role_arn = 'arn:aws:iam::123456789012:role/monitoringRole'

# Enable Enhanced Monitoring for the specified RDS instance.
# MonitoringInterval is the granularity in seconds: 1, 5, 10, 15, 30 or 60 (0 disables it).
try:
    response = rds_client.modify_db_instance(
        DBInstanceIdentifier=instance_identifier,
        MonitoringInterval=60,
        MonitoringRoleArn=monitoring_role_arn,
        ApplyImmediately=True,  # do not wait for the next maintenance window
    )
    db = response['DBInstance']
    print(f"Enhanced Monitoring requested for {instance_identifier}: "
          f"interval={db.get('MonitoringInterval')} status={db.get('DBInstanceStatus')}")
except ClientError as e:
    print(f"Error enabling Enhanced Monitoring: {e}")
- Replace the placeholders:
- Replace 'your_rds_instance_identifier' with the actual RDS instance identifier for which you want to enable Enhanced Monitoring.
- Replace 'arn:aws:iam::123456789012:role/monitoringRole' with the ARN of the IAM role that RDS uses to publish monitoring data to CloudWatch Logs.
- Run the Python script: Execute the Python script in your terminal or IDE to enable Enhanced Monitoring for the specified RDS instance. Review the output for any errors, and re-run describe_db_instances afterwards to confirm that MonitoringInterval is no longer 0.
By following these steps and running the Python script, you can remediate the misconfiguration of not having Enhanced Monitoring enabled for AWS RDS instances.
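The console, CLI and Boto3 steps above each fix one instance by hand. The script below is an added example (not part of this page or of any vendor tool) that puts the whole flow together: it pages through describe_db_instances, applies the same NON_COMPLIANT test as the Config rule quoted at the top (interval 0, or a different interval than the one required), optionally remediates every flagged instance, and re-reads each one to verify. The role ARN is a placeholder you must replace; the script assumes that role already exists with the trust relationship and managed policy described above. The RDS client is passed in as a parameter so the logic can be exercised against a fake client offline.

```python
"""Audit RDS Enhanced Monitoring across an account and remediate, with boto3.

Detection mirrors the AWS Config rule: an instance is NON_COMPLIANT when
MonitoringInterval is 0 or differs from the interval we require.
Remediation is the same modify_db_instance call as the single-instance
script above, but it also passes the monitoring role, which the API
requires whenever the interval is set above 0.
"""
import sys

# Granularities RDS accepts for Enhanced Monitoring, in seconds (0 = off).
VALID_INTERVALS = (0, 1, 5, 10, 15, 30, 60)

# Placeholder (assumption): an existing role that trusts
# monitoring.rds.amazonaws.com and has AmazonRDSEnhancedMonitoringRole attached.
MONITORING_ROLE_ARN = "arn:aws:iam::123456789012:role/rds-monitoring-role"


def list_db_instances(rds_client):
    """Return every DB instance, following the Marker pagination token."""
    instances, kwargs = [], {}
    while True:
        page = rds_client.describe_db_instances(**kwargs)
        instances.extend(page["DBInstances"])
        marker = page.get("Marker")
        if not marker:
            return instances
        kwargs["Marker"] = marker


def is_noncompliant(db, required_interval=None):
    """Same test as the Config rule: interval 0, or not the required value."""
    interval = db.get("MonitoringInterval", 0)
    if interval == 0:
        return True
    return required_interval is not None and interval != required_interval


def find_noncompliant(instances, required_interval=None):
    """Identifiers of the instances that fail the check."""
    return [db["DBInstanceIdentifier"] for db in instances
            if is_noncompliant(db, required_interval)]


def enable_enhanced_monitoring(rds_client, identifier, interval, role_arn):
    """Set the granularity and the role RDS publishes through on one instance."""
    if interval not in VALID_INTERVALS or interval == 0:
        raise ValueError(f"interval must be one of {VALID_INTERVALS[1:]}, got {interval}")
    resp = rds_client.modify_db_instance(
        DBInstanceIdentifier=identifier,
        MonitoringInterval=interval,
        MonitoringRoleArn=role_arn,
        ApplyImmediately=True,  # do not wait for the maintenance window
    )
    return resp["DBInstance"]


def remediate(rds_client, required_interval, role_arn, dry_run=True):
    """Audit every instance; fix the non-compliant ones unless dry_run is set."""
    targets = find_noncompliant(list_db_instances(rds_client), required_interval)
    if not dry_run:
        for identifier in targets:
            enable_enhanced_monitoring(rds_client, identifier, required_interval, role_arn)
    return targets


def verify(rds_client, identifier, required_interval):
    """Re-read one instance and confirm both the interval and a role are set."""
    db = rds_client.describe_db_instances(DBInstanceIdentifier=identifier)["DBInstances"][0]
    return db.get("MonitoringInterval") == required_interval and bool(db.get("MonitoringRoleArn"))


if __name__ == "__main__":
    import boto3  # real AWS calls only when run as a script

    interval = int(sys.argv[1]) if len(sys.argv) > 1 and sys.argv[1].isdigit() else 60
    client = boto3.client("rds")
    flagged = remediate(client, interval, MONITORING_ROLE_ARN, dry_run="--fix" not in sys.argv)
    for identifier in flagged:
        state = "ok" if verify(client, identifier, interval) else "pending"
        print(f"{identifier}: {state}")
```

Run it with no arguments for a report only; `python audit_rds_em.py 60 --fix` enables 60-second Enhanced Monitoring on every flagged instance. Right after a modify call the instance may still report "pending" because describe_db_instances reflects the change only once the modification has been applied, so re-run the audit once the instances are back to "available".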