RDS instances have performance insights disabled
Description
This policy is checking to verify if RDS instances have performance insights enabled. Performance insights allow for an advanced database monitoring feature that makes it easy to diagnose and solve performance issues on Amazon RDS databases. If this feature is not enabled, the user may struggle to identify the cause of issues impacting the performance of their RDS instances. Inadequate monitoring could lead to extended downtime, inefficient use of resources and potential loss of data, all of which may have significant impacts on a business's operations and profitability. Therefore, it's a bad practice not to enable performance insights on RDS instances.
Code Example
resource "aws_db_instance" "default" {
allocated_storage = 10
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t2.micro"
name = "mydb"
username = "foo"
password = "foobarbaz"
parameter_group_name = "default.mysql5.7"
+ performance_insights_enabled = true
}Remediation
Terraform
- Resource: 'aws_rds_cluster_instance', 'aws_db_instance'
- Arguments: performance_insights_enabled
To fix the issue, you should enable Performance Insights for your RDS instance in your terraform file. Here is how you can do it:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0400 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_353 |