AWS RDS Multi-AZ Cluster Auto Minor Version Upgrade is not enabled
- Contextual name: Multi-AZ Cluster Auto Minor Version Upgrade is not enabled
- ID: /ce/ca/aws/rds/cluster-auto-minor-version-upgrade
- Tags:
  - Policy with categories
  - Policy with type
  - Production policy
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: SECURITY,RELIABILITY,PERFORMANCE
Logic
- prod.logic.yaml
- AWS RDS Cluster
- AWS RDS Cluster - object.extracts.yaml
- test-data.json
Similar Policies
Description
This policy identifies AWS RDS Multi-AZ Clusters where the Auto Minor Version Upgrade feature is disabled.
Rationale
Enabling automatic minor version upgrades ensures that clusters receive the latest engine updates, which may include critical security patches, bug fixes, and performance improvements. For Multi-AZ clusters designed to provide high availability, maintaining consistent updates across all instances is essential for stability, security, and uniform behavior, particularly during failover events.
Audit
This policy flags a Multi-AZ AWS RDS Cluster as INCOMPLIANT if the Auto Minor Version Upgrade field is set to No.
A Cluster is marked as INAPPLICABLE if the Multi-AZ field is set to false.
Remediation
Enable Automatic Minor Version Upgrades
Using AWS CloudFormation
- CloudFormation template (YAML):

    # CloudFormation can only modify resources it manages, so the cluster
    # must already belong to (or be imported into) this stack.
    AWSTemplateFormatVersion: '2010-09-09'
    Description: Enables automatic minor version upgrades for an existing RDS cluster.
    Parameters:
      DBClusterId:
        Type: String
        Description: ID of the existing RDS cluster
    Resources:
      AutoMinorUpgradeRDS:
        Type: AWS::RDS::DBCluster
        Properties:
          DBClusterIdentifier: !Ref DBClusterId
          AutoMinorVersionUpgrade: true

From Command Line

    aws rds modify-db-cluster \
      --db-cluster-identifier {{cluster-id}} \
      --auto-minor-version-upgrade \
      [--apply-immediately]

To apply the change during the next maintenance window, omit the --apply-immediately flag.