More Info:

Checks if enhanced monitoring is enabled for Amazon RDS instances. This rule is NON_COMPLIANT if ‘monitoringInterval’ is ‘0’ in the configuration item of the RDS instance, or if ‘monitoringInterval’ does not match the rule parameter value.

Risk Level

Medium

Addresses

Monitoring

Compliance Standards

CBP,SEBI,RBI_MD_ITF

Remediation

Using Console

To enable Enhanced Monitoring for an RDS instance using the AWS Management Console, follow these step-by-step instructions:

  1. Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and login using your credentials.

  2. Navigate to RDS Service: Click on the “Services” dropdown in the top left corner of the console, then select “RDS” under the “Database” category.

  3. Select RDS Instance: In the Amazon RDS dashboard, select the RDS instance for which you want to enable Enhanced Monitoring.

  4. Open Instance Details: Click on the RDS instance name to open the details page. In the navigation pane on the left, click on “Configuration” to expand the configuration options.

  5. Modify Instance: Click on the “Modify” button at the top of the page to modify the instance settings.

  6. Enable Enhanced Monitoring: Scroll down to the “Monitoring” section of the Modify DB Instance page. Look for the “Enhanced monitoring” option and select the desired monitoring level (e.g., Basic, Enhanced, or Performance Insights).

  7. Save Changes: Scroll to the bottom of the page and click on the “Continue” button. Review the changes you are about to make, and then click on the “Modify DB Instance” button to apply the changes.

  8. Monitor Status: Once the modification is complete, the status of the RDS instance will change to “modifying.” You can monitor the progress of the modification in the RDS console.

  9. Verify Enhanced Monitoring: After the modification is completed, go back to the RDS instance details page and check the monitoring section to ensure that Enhanced Monitoring is enabled for the instance.

After these steps, Enhanced Monitoring is enabled for the selected RDS instance and the rule no longer reports it as NON_COMPLIANT.

Using CLI

To enable Enhanced Monitoring for an RDS instance using the AWS CLI, follow these steps:

Step 1: List all the RDS instances in your AWS account:

    aws rds describe-db-instances

Step 2: Identify the RDS instance for which you want to enable Enhanced Monitoring.

Step 3: Enable Enhanced Monitoring for the identified RDS instance:

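    aws rds modify-db-instance --db-instance-identifier YOUR_DB_INSTANCE_IDENTIFIER --monitoring-interval 1 --monitoring-role-arn YOUR_MONITORING_ROLE_ARN

Replace YOUR_DB_INSTANCE_IDENTIFIER with the actual identifier of your RDS instance and YOUR_MONITORING_ROLE_ARN with the ARN of the IAM role that RDS uses to publish the monitoring data. The role ARN is required whenever the monitoring interval is set to a value other than 0.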

Step 4: Verify that Enhanced Monitoring is enabled for the RDS instance:

    aws rds describe-db-instances --db-instance-identifier YOUR_DB_INSTANCE_IDENTIFIER --query 'DBInstances[0].[MonitoringInterval,MonitoringRoleArn]'

In the output, a MonitoringInterval value other than 0 confirms that Enhanced Monitoring is enabled for the specified RDS instance.

Using Python

To enable Enhanced Monitoring for an RDS instance using Python, you can use the AWS SDK for Python (Boto3). Here are the step-by-step instructions:

  1. Install Boto3: If you haven’t already installed the Boto3 library, you can do so using pip:

    pip install boto3
    
  2. Configure AWS Credentials: Ensure that you have configured your AWS credentials either by setting environment variables or using the AWS CLI aws configure command.

  3. Write a Python script: Create a Python script with the following code to enable Enhanced Monitoring for your RDS instance:

    import boto3
    from botocore.exceptions import BotoCoreError, ClientError
    
    # Initialize the RDS client
    rds_client = boto3.client('rds')
    
    # Specify the RDS instance identifier for which you want to enable Enhanced Monitoring
    instance_identifier = 'your_rds_instance_identifier'
    
    # Enable Enhanced Monitoring for the specified RDS instance.
    # A non-zero MonitoringInterval turns the feature on; modify_db_instance
    # has no separate on/off parameter for it.
    try:
        response = rds_client.modify_db_instance(
            DBInstanceIdentifier=instance_identifier,
            MonitoringInterval=60,  # Monitoring interval in seconds (1 minute); valid: 1, 5, 10, 15, 30, 60
            MonitoringRoleArn='arn:aws:iam::123456789012:role/monitoringRole',  # Replace with your IAM role ARN
        )
        print(f"Enhanced Monitoring enabled for RDS instance {instance_identifier}")
    except (BotoCoreError, ClientError) as e:
        # ClientError: the API rejected the call; BotoCoreError: credentials, parameters or connectivity
        print(f"Error enabling Enhanced Monitoring: {e}")
    
  4. Replace the placeholders:

    • Replace 'your_rds_instance_identifier' with the actual RDS instance identifier for which you want to enable Enhanced Monitoring.
    • Replace 'arn:aws:iam::123456789012:role/monitoringRole' with the ARN of the IAM role that has permissions to publish monitoring data to CloudWatch.

  5. Run the Python script: Execute the Python script in your terminal or IDE to enable Enhanced Monitoring for the specified RDS instance. Make sure to review the output for any errors.

After the script runs without errors, Enhanced Monitoring is enabled for the specified RDS instance.
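To confirm the result across every instance rather than one at a time, the rule's logic (NON_COMPLIANT when the interval is 0 or differs from the rule parameter) can be applied to describe-db-instances output. The following is an added example, not part of the original page or of the rule's own implementation; the function names, the sample instance names and the sample response are constructed for illustration, and the API field is MonitoringInterval where the configuration item uses monitoringInterval.

```python
# Added example: applies the rule's compliance logic to describe-db-instances pages.
VALID_INTERVALS = (1, 5, 10, 15, 30, 60)  # non-zero intervals RDS accepts, in seconds

# Constructed sample shaped like one page of a describe_db_instances response.
SAMPLE_PAGE = {
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-db", "MonitoringInterval": 60,
         "MonitoringRoleArn": "arn:aws:iam::123456789012:role/monitoringRole"},
        {"DBInstanceIdentifier": "legacy-db", "MonitoringInterval": 0},
        {"DBInstanceIdentifier": "reports-db", "MonitoringInterval": 5,
         "MonitoringRoleArn": "arn:aws:iam::123456789012:role/monitoringRole"},
        {"DBInstanceIdentifier": "staging-db"},  # field absent: treated as disabled
    ]
}


def evaluate(db, required_interval=None):
    """Return (status, reason) for one DBInstances entry."""
    interval = db.get("MonitoringInterval") or 0
    if interval == 0:
        return "NON_COMPLIANT", "Enhanced Monitoring is disabled (interval 0)"
    if required_interval is not None and interval != required_interval:
        return ("NON_COMPLIANT",
                f"interval {interval}s does not match required {required_interval}s")
    return "COMPLIANT", f"interval {interval}s"


def audit(pages, required_interval=None):
    """Evaluate every instance in an iterable of response pages."""
    if required_interval is not None and required_interval not in VALID_INTERVALS:
        raise ValueError(f"required_interval must be one of {VALID_INTERVALS}")
    findings = {}
    for page in pages:
        for db in page.get("DBInstances", []):
            findings[db["DBInstanceIdentifier"]] = evaluate(db, required_interval)
    return findings


def non_compliant(findings):
    """Sorted identifiers of the instances that still need remediation."""
    return sorted(n for n, (status, _) in findings.items() if status == "NON_COMPLIANT")


if __name__ == "__main__":
    # Live use (assumes configured credentials), instead of [SAMPLE_PAGE]:
    #   pages = boto3.client("rds").get_paginator("describe_db_instances").paginate()
    for name, (status, reason) in audit([SAMPLE_PAGE], required_interval=60).items():
        print(f"{name:12} {status:14} {reason}")
```

Leaving required_interval unset checks only that monitoring is on; setting it reproduces the stricter case where the interval must equal the rule parameter.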