AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
General Purpose SSDs Should Be Used Instead of IOPS SSDs
More Info:
Your RDS instances should be using General Purpose SSDs instead of Provisioned IOPS SSDs for cost-effective storage that fits a broad range of database workloads
Risk Level
Medium
Address
Cost Optimisation
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate this misconfiguration in AWS RDS using the AWS console, follow these steps:
-
Login to AWS Console: Go to the AWS Management Console and login with your credentials.
-
Navigate to RDS Service: Click on the “Services” dropdown menu at the top, select “RDS” under the Database category.
-
Select the RDS Instance: From the list of RDS instances, select the instance for which you want to change the storage type.
-
Modify the Instance: Click on the instance name to open the details page. Then, click on the “Modify” button at the top of the page.
-
Change Storage Type: In the Modify RDS Instance page, scroll down to the “Storage” section. Here, you will see the storage type currently being used (IOPS SSD in this case).
-
Select General Purpose SSD: Change the storage type from IOPS SSD to General Purpose SSD by selecting the appropriate option from the dropdown menu.
-
Adjust Storage Size and IOPS: Depending on the instance’s requirements, you may need to adjust the storage size and IOPS settings for the General Purpose SSD. Make sure to set these values according to your workload needs.
-
Apply Changes: Once you have selected the General Purpose SSD and adjusted the storage settings, scroll down to the bottom of the page and click on the “Continue” button.
-
Review and Apply Changes: Review the modifications you have made to ensure everything is correct. Then, click on the “Modify DB Instance” button to apply the changes.
-
Monitor the Instance: After applying the changes, monitor the RDS instance to ensure that the modification has been successfully implemented and that the instance is functioning as expected with the new storage type.
By following these steps, you can remediate the misconfiguration of using IOPS SSDs instead of General Purpose SSDs for an AWS RDS instance using the AWS Management Console.
To remediate this misconfiguration for AWS RDS using AWS CLI, you can follow these steps:
-
List Existing RDS Instances: First, list all the existing RDS instances to identify the instance that is currently using IOPS SSDs. You can use the following AWS CLI command to list RDS instances:
aws rds describe-db-instances -
Modify RDS Instance: Once you have identified the RDS instance that is using IOPS SSDs, you can modify the instance to change the storage type to General Purpose SSDs. Use the following AWS CLI command to modify the RDS instance:
aws rds modify-db-instance --db-instance-identifier <your-db-instance-identifier> --storage-type gp2Replace
<your-db-instance-identifier>with the actual identifier of the RDS instance you want to modify. -
Monitor the Modification: After modifying the RDS instance, monitor the modification status to ensure that the storage type has been successfully changed to General Purpose SSDs. You can use the following AWS CLI command to describe the modified RDS instance:
aws rds describe-db-instances --db-instance-identifier <your-db-instance-identifier> -
Verify the Storage Type: Finally, verify that the storage type of the RDS instance has been successfully changed to General Purpose SSDs by checking the instance details. You can use the AWS Management Console or the AWS CLI command mentioned in step 3 to verify the storage type.
By following these steps, you can successfully remediate the misconfiguration of using IOPS SSDs and switch to using General Purpose SSDs for your AWS RDS instance using AWS CLI.
To remediate the misconfiguration of using IOPS SSDs instead of General Purpose SSDs for an AWS RDS instance using Python, you can follow these steps:
- Import the necessary Python libraries:
import boto3
- Initialize the AWS RDS client:
rds_client = boto3.client('rds', region_name='your_region')
- Describe the current RDS instance to check the storage type:
response = rds_client.describe_db_instances(DBInstanceIdentifier='your_db_instance_name')
- Check the current storage type of the RDS instance:
storage_type = response['DBInstances'][0]['StorageType']
- If the storage type is ‘io1’ (IOPS SSD), modify the RDS instance to use ‘gp2’ (General Purpose SSD) instead:
if storage_type == 'io1':
rds_client.modify_db_instance(
DBInstanceIdentifier='your_db_instance_name',
StorageType='gp2',
ApplyImmediately=True
)
- Confirm the modification is successful:
response = rds_client.describe_db_instances(DBInstanceIdentifier='your_db_instance_name')
new_storage_type = response['DBInstances'][0]['StorageType']
print(f"Storage type changed to: {new_storage_type}")
- Run the Python script to remediate the misconfiguration.
By following these steps, you can remediate the misconfiguration of using IOPS SSDs instead of General Purpose SSDs for an AWS RDS instance using Python.