Event Notifications Should Be Enabled

​

More Info:

Your AWS RDS resources should have event notifications enabled in order to be notified when an event occurs for a given database instance, database snapshot, database security group or database parameter group

​

Risk Level

Low

​

Address

Reliability, Operational Maturity

​

Compliance Standards

CBP

​

Remediation

​

Using Console

To remediate the misconfiguration of Event Notifications not being enabled for an AWS RDS instance using the AWS Management Console, follow these step-by-step instructions:

1. Log in to the AWS Management Console: Go to https://aws.amazon.com/ and log in using your credentials.

2. Navigate to the RDS Console: Once logged in, navigate to the Amazon RDS console by clicking on the “Services” dropdown menu at the top of the page and selecting “RDS” under the Database category.

3. Select the RDS Instance: In the RDS dashboard, locate and select the RDS instance for which you want to enable Event Notifications.

4. Enable Event Notifications: In the RDS instance details page, scroll down to the “Event subscriptions” section and click on the “Modify” button.

5. Configure Event Notifications: In the Modify RDS instance page, scroll down to the “Event subscriptions” section and click on the “Add event subscription” button.

6. Set up Event Subscription: In the Add event subscription dialog box, configure the following settings:

   • Subscription name: Enter a name for the event subscription.
   • SNS topic: Select an existing SNS topic or create a new one to receive the event notifications.
   • Event categories: Select the event categories for which you want to receive notifications. For example, you can choose “All” to receive notifications for all event categories.
   • Severity: Select the severity level of events for which you want to receive notifications.
   • Enable: Make sure the “Enable” checkbox is checked to activate the event subscription.

7. Save Changes: Click on the “Add subscription” button to save the event subscription settings.

8. Verify Configuration: Once the event subscription is added, verify that the Event Notifications are now enabled for the RDS instance by checking the Event Subscriptions section in the RDS instance details page.

By following these steps, you have successfully enabled Event Notifications for the AWS RDS instance using the AWS Management Console. This will ensure that you receive notifications for important events related to the RDS instance.

​

Using CLI

To remediate the misconfiguration of Event Notifications not being enabled for AWS RDS using AWS CLI, you can follow these steps:

1. List Current Event Subscriptions: First, you need to list the current event subscriptions to check if there are any existing subscriptions. You can use the following AWS CLI command:

   aws rds describe-event-subscriptions
   

2. Enable Event Notifications: If there are no existing event subscriptions or if the required event notification is not enabled, you can enable event notifications for RDS by creating a new event subscription. Use the following AWS CLI command to create a new event subscription:

   aws rds create-event-subscription --subscription-name <subscription-name> --sns-topic-arn <sns-topic-arn> --source-type db-instance --source-ids <rds-instance-identifier> --event-categories <event-category>
   

   • Replace <subscription-name> with a unique name for the event subscription.
   • Replace <sns-topic-arn> with the ARN of the SNS topic to which you want to send the notifications.
   • Replace <rds-instance-identifier> with the identifier of the RDS instance for which you want to enable event notifications.
   • Replace <event-category> with the specific event categories you want to receive notifications for (e.g., “configuration change”, “failover”, “backup”, etc.).

3. Verify Event Subscription: After creating the event subscription, you can verify if the event notifications are successfully enabled by listing the event subscriptions again using the command in step 1.

By following these steps, you can remediate the misconfiguration of Event Notifications not being enabled for AWS RDS using AWS CLI.

​

Using Python

To remediate the misconfiguration of Event Notifications not being enabled for AWS RDS using Python, you can follow these steps:

1. Import the necessary libraries:

import boto3

2. Create an AWS RDS client:

rds_client = boto3.client('rds', region_name='YOUR_REGION')

3. Enable Event Notifications for the specific RDS instance:

db_instance_identifier = 'YOUR_DB_INSTANCE_IDENTIFIER'
sns_topic_arn = 'YOUR_SNS_TOPIC_ARN'

rds_client.modify_db_instance(
    DBInstanceIdentifier=db_instance_identifier,
    EnableEventSubscription=True,
    EventCategories=['availability', 'backup', 'configuration change', 'creation', 'deletion', 'failover', 'failure', 'low storage', 'maintenance', 'notification', 'recovery', 'restoration'],
    SnsTopicArn=sns_topic_arn
)

Make sure to replace 'YOUR_REGION', 'YOUR_DB_INSTANCE_IDENTIFIER', and 'YOUR_SNS_TOPIC_ARN' with your actual AWS region, RDS instance identifier, and SNS topic ARN respectively.

4. Verify that Event Notifications have been successfully enabled by checking the RDS instance details or the CloudWatch Events console.

By following these steps, you can remediate the misconfiguration of Event Notifications not being enabled for AWS RDS using Python.