Enhanced Monitoring Should Be Enabled For RDS Instances
More Info:
Checks if enhanced monitoring is enabled for Amazon RDS instances. This rule is NON_COMPLIANT if ‘monitoringInterval’ is ‘0’ in the configuration item of the RDS instance, or if ‘monitoringInterval’ does not match the rule parameter value.Risk Level
MediumAddresses
MonitoringCompliance Standards
CBP,SEBI,RBI_MD_ITFTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of not having Enhanced Monitoring enabled for RDS instances in AWS using the AWS Management Console, follow these step-by-step instructions:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and login using your credentials.
- Navigate to RDS Service: Click on the “Services” dropdown in the top left corner of the console, then select “RDS” under the “Database” category.
- Select RDS Instance: In the Amazon RDS dashboard, select the RDS instance for which you want to enable Enhanced Monitoring.
- Enable Enhanced Monitoring: Click on the RDS instance name to open the details page. In the navigation pane on the left, click on “Configuration” to expand the configuration options.
- Modify Instance: Click on the “Modify” button at the top of the page to modify the instance settings.
- Enable Enhanced Monitoring: Scroll down to the “Monitoring” section of the Modify DB Instance page. Look for the “Enhanced monitoring” option and select the desired monitoring level (e.g., Basic, Enhanced, or Performance Insights).
- Save Changes: Scroll to the bottom of the page and click on the “Continue” button. Review the changes you are about to make, and then click on the “Modify DB Instance” button to apply the changes.
- Monitor Status: Once the modification is complete, the status of the RDS instance will change to “modifying.” You can monitor the progress of the modification in the RDS console.
- Verify Enhanced Monitoring: After the modification is completed, go back to the RDS instance details page and check the monitoring section to ensure that Enhanced Monitoring is enabled for the instance.
Using CLI
Using CLI
To remediate the misconfiguration of not having Enhanced Monitoring enabled for RDS instances in AWS using AWS CLI, you can follow these steps:Step 1: List all the RDS instances in your AWS account:Step 2: Identify the RDS instance for which you want to enable Enhanced Monitoring.Step 3: Enable Enhanced Monitoring for the identified RDS instance:Replace After following these steps, Enhanced Monitoring should be successfully enabled for the specified RDS instance in AWS using AWS CLI.
YOUR_DB_INSTANCE_IDENTIFIER with the actual identifier of your RDS instance.Step 4: Verify that Enhanced Monitoring is enabled for the RDS instance:Using Python
Using Python
To remediate the misconfiguration of not having Enhanced Monitoring enabled for AWS RDS instances using Python, you can use the AWS SDK for Python (Boto3) to enable Enhanced Monitoring. Here are the step-by-step instructions to remediate this issue:
-
Install Boto3:
If you haven’t already installed the Boto3 library, you can do so using pip:
-
Configure AWS Credentials:
Ensure that you have configured your AWS credentials either by setting environment variables or using the AWS CLI
aws configurecommand. -
Write a Python script:
Create a Python script with the following code to enable Enhanced Monitoring for your RDS instance:
-
Replace the placeholders:
- Replace
'your_rds_instance_identifier'with the actual RDS instance identifier for which you want to enable Enhanced Monitoring. - Replace
'arn:aws:iam::123456789012:role/monitoringRole'with the ARN of the IAM role that has permissions to publish monitoring data to CloudWatch.
- Replace
- Run the Python script: Execute the Python script in your terminal or IDE to enable Enhanced Monitoring for the specified RDS instance. Make sure to review the output for any errors.