AWS DB instance does not get all minor upgrades automatically
Description
When Amazon Relational Database Service (Amazon RDS) supports a new version of a database engine, you can upgrade your DB instances to that version. There are two kinds of upgrades: major version upgrades and minor version upgrades. Minor version upgrades carry bug and security fixes and are designed to have minimal impact on the application, so they help keep an RDS instance secure and stable. For this reason, automatic minor version upgrades should be enabled on every instance; in Terraform this is the `auto_minor_version_upgrade` argument of `aws_db_instance`, which defaults to true, so a finding usually means it was explicitly set to false. Enabling the setting does not mean every minor release is installed: Amazon RDS only applies a minor version automatically when it designates that version as an automatic upgrade target that replaces an unsafe version, such as a minor upgrade that contains bug fixes for a previous version, and the upgrade is performed during the instance's preferred maintenance window.
Code Example
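The following Terraform is an added illustration of the rule and is not part of the original page: one `aws_db_instance` that fails CKV_AWS_226 next to one that passes. The resource names, identifiers, engine choice, and the `db_password` variable are assumptions made for the example.

```hcl
# Added example for CKV_AWS_226 (not from the original rule page).
# Resource names, identifiers, engine and the db_password variable are assumptions.

variable "db_password" {
  type      = string
  sensitive = true
}

# FAILS the check: minor engine releases are never applied automatically,
# so the instance stays on whatever patch level it was created with.
resource "aws_db_instance" "unpatched" {
  identifier                 = "orders-db-unpatched"
  engine                     = "postgres"
  engine_version             = "15"
  instance_class             = "db.t3.micro"
  allocated_storage          = 20
  username                   = "app"
  password                   = var.db_password
  skip_final_snapshot        = true
  auto_minor_version_upgrade = false
}

# PASSES the check: Amazon RDS applies the minor releases it marks as
# automatic upgrade targets during the preferred maintenance window below.
# engine_version is given as a major-version prefix ("15") rather than a full
# "15.x" so Terraform does not report drift after RDS moves the instance to a
# newer minor version.
resource "aws_db_instance" "patched" {
  identifier                 = "orders-db"
  engine                     = "postgres"
  engine_version             = "15"
  instance_class             = "db.t3.micro"
  allocated_storage          = 20
  username                   = "app"
  password                   = var.db_password
  skip_final_snapshot        = true
  auto_minor_version_upgrade = true
  maintenance_window         = "Sun:03:00-Sun:04:00"
}
```

Running `checkov -d . --check CKV_AWS_226` against a directory containing this file reports `aws_db_instance.unpatched` as failed and `aws_db_instance.patched` as passed. Because the provider default for `auto_minor_version_upgrade` is already true, the quickest fix for a flagged resource is usually to delete the explicit `= false` line.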
Remediation
AWS Console
Enable RDS auto minor version upgrades.
1. Go to the RDS dashboard at https://console.aws.amazon.com/rds/.
2. In the navigation pane, choose Instances.
3. Select the database instance you wish to configure.
4. From the Instance actions menu, select Modify.
5. Under the Maintenance section, choose Yes for Auto minor version upgrade.
6. Select Continue and then Modify DB Instance.
CLI Command
Turning the setting on is a configuration change that takes effect right away with `--apply-immediately` and does not by itself restart the instance; the minor version upgrades it enables are still applied in the instance's preferred maintenance window.
```shell
aws rds modify-db-instance \
  --region ${region} \
  --db-instance-identifier ${resource_name} \
  --auto-minor-version-upgrade \
  --apply-immediately
```
To confirm the change, check that `AutoMinorVersionUpgrade` is true in the output of `aws rds describe-db-instances` for the same instance identifier.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0274 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AWS_226 |