π‘οΈ AWS RDS Multi-AZ Cluster Auto Minor Version Upgrade is not enabledπ’
- Contextual name: π‘οΈ Multi-AZ Cluster Auto Minor Version Upgrade is not enabledπ’
- ID:
/ce/ca/aws/rds/cluster-auto-minor-version-upgrade - Tags:
- π’ Policy with categories
- π’ Policy with type
- π’ Production policy
- Policy Type:
COMPLIANCE_POLICY - Policy Categories:
SECURITY,RELIABILITY,PERFORMANCE
Logicβ
- π§ prod.logic.yamlπ’
- π AWS RDS Cluster
- π AWS RDS Cluster - object.extracts.yaml
- π§ͺ test-data.json
Similar Policiesβ
Descriptionβ
Descriptionβ
This policy identifies AWS RDS Multi-AZ Clusters where the Auto Minor Version Upgrade feature is disabled.
Rationaleβ
Enabling automatic minor version upgrades ensures that clusters receive the latest engine updates, which may include critical security patches, bug fixes, and performance improvements. For Multi-AZ clusters designed to provide high availability, maintaining consistent updates across all instances is essential for stability, security, and uniform behavior, particularly during failover events.
Auditβ
This policy flags a Multi-AZ AWS RDS Cluster as
INCOMPLIANTif theAuto Minor Version Upgradefield is set to No.A Cluster is marked as
INAPPLICABLEif theMulti-AZfield is set to false.
Remediationβ
Remediationβ
Enable Automatic Minor Version Upgradesβ
Using AWS CloudFormationβ
- CloudFormation template (YAML):
AWSTemplateFormatVersion: '2010-09-09'
Description: Enables automatic minor version upgrades for an existing RDS cluster.
Parameters:
DBClusterId:
Type: String
Description: ID of the existing RDS cluster
Resources:
AutoMinorUpgradeRDS:
Type: AWS::RDS::DBCluster
Properties:
DBClusterIdentifier: !Ref DBClusterId
AutoMinorVersionUpgrade: trueFrom Command Lineβ
aws rds modify-db-cluster
--db-cluster-identifier {{cluster-id}}
--auto-minor-version-upgrade
[--apply-immediately]To apply the change during the next maintenance window, omit the
--apply-immediatelyflag.