RDS instances Should Not Be Idle
More Info:
Identify any Amazon RDS database instances that appear to be idle and delete them to help lower the cost of your monthly AWS billRisk Level
HighAddress
Reliability, SecurityCompliance Standards
HITRUST, SOC2, NISTCSFTriage and Remediation
Remediation
Using Console
Using Console
To remediate the issue of idle RDS instances in AWS using the AWS Management Console, follow these steps:
-
Identify Idle RDS Instances:
- Log in to your AWS Management Console.
- Go to the RDS service.
- Click on “Databases” from the left-hand menu.
- Identify the RDS instances that have been idle for a long time.
-
Modify the Instance to Prevent Idleness:
- Select the idle RDS instance that you want to modify.
- Click on the instance name to view its details.
- Click on the “Modify” button.
-
Adjust the Instance Settings:
- Increase the “Backup Retention Period” to ensure regular backups are taken.
- Enable “Auto Minor Version Upgrade” to keep the instance updated.
- Modify the “Maintenance Window” to schedule regular maintenance activities.
-
Enable Enhanced Monitoring:
- Enable Enhanced Monitoring to collect metrics on the instance’s performance.
- This can help you identify any issues that may be causing idleness.
-
Set up Alarms:
- Create CloudWatch Alarms to monitor the instance’s CPU utilization, storage, and other metrics.
- Set up notifications to alert you when the instance is idle or underutilized.
-
Implement Database Activity Monitoring:
- Use AWS services like Amazon CloudWatch Logs or Amazon RDS Performance Insights to monitor database activity.
- Analyze the data to identify any patterns of idleness and take necessary actions.
-
Implement Automation:
- Utilize AWS Lambda functions or AWS Systems Manager Automation to automate tasks like stopping or resizing idle instances.
- Set up a schedule to run these automation tasks regularly.
-
Review and Optimize:
- Regularly review the performance metrics and logs of your RDS instances.
- Optimize the instance configurations based on the usage patterns to prevent idleness.
Using CLI
Using CLI
To remediate the misconfiguration of idle RDS instances in AWS using AWS CLI, you can set up a CloudWatch alarm to monitor the CPU utilization of the RDS instances and then take action when the CPU utilization falls below a certain threshold. Here are the step-by-step instructions:
-
Create a CloudWatch Alarm:
- Use the following AWS CLI command to create a CloudWatch alarm that monitors the CPU utilization of the RDS instances:
- Replace
<ARN_of_SNS_Topic>with the ARN of the SNS topic to which you want to send the alarm notifications.
- Replace
- Use the following AWS CLI command to create a CloudWatch alarm that monitors the CPU utilization of the RDS instances:
-
Modify the Alarm Actions:
- Modify the alarm actions to perform the necessary action when the alarm is triggered. For example, you can stop or delete the idle RDS instances. You can use the following AWS CLI command to update the alarm actions:
- Replace
<ARN_of_AWS_Lambda_Function>with the ARN of the AWS Lambda function that performs the action on the RDS instances.
- Replace
- Modify the alarm actions to perform the necessary action when the alarm is triggered. For example, you can stop or delete the idle RDS instances. You can use the following AWS CLI command to update the alarm actions:
-
Create an AWS Lambda Function (if not already created):
- Create an AWS Lambda function that stops or deletes the idle RDS instances. You can use the following AWS CLI command to create a Lambda function:
- Replace
<IAM_Role_for_Lambda_Function>with the IAM role assigned to the Lambda function and<Bucket_Name>and<Lambda_Zip_File>with the S3 bucket name and Lambda zip file respectively.
- Replace
- Create an AWS Lambda function that stops or deletes the idle RDS instances. You can use the following AWS CLI command to create a Lambda function:
-
Update the Lambda Function:
- Update the Lambda function code to stop or delete the idle RDS instances based on the CloudWatch alarm triggers.
Using Python
Using Python
To remediate the issue of idle RDS instances in AWS using Python, you can create a Lambda function that will check the status of RDS instances and stop the idle instances. Here are the step-by-step instructions to remediate this issue:
-
Create an IAM Role:
- Create an IAM role with the necessary permissions to describe and stop RDS instances. Attach the following policies to the role:
AmazonRDSReadOnlyAccess: Allows read-only access to RDS instances.AmazonRDSFullAccess: Allows full access to RDS instances (for stopping them).
- Create an IAM role with the necessary permissions to describe and stop RDS instances. Attach the following policies to the role:
-
Create a Lambda Function:
- Go to the AWS Lambda console and create a new Lambda function.
- Choose “Author from scratch” and configure the basic settings.
- Under “Permissions”, choose the IAM role created in step 1.
- Write the Python code to describe RDS instances and stop the idle ones. Here’s a sample code snippet:
-
Set Up CloudWatch Event:
- Create a CloudWatch Event rule to trigger the Lambda function at a specific interval (e.g., every hour).
- Configure the event rule to trigger the Lambda function.
-
Test the Solution:
- Manually trigger the Lambda function to test if it stops the idle RDS instances successfully.