Remediation

Enable Auto Minor Version Upgrade

Using AWS CloudFormation

CloudFormation template (YAML):

AWSTemplateFormatVersion: '2010-09-09'
Description: Enables automatic minor version upgrades for an existing RDS instance.

Parameters:
  DBInstanceIdentifier:
    Type: String
    Description: ID of the existing RDS instance

Resources:
  AutoMinorUpgradeRDS:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceIdentifier: !Ref DBInstanceIdentifier
      AutoMinorVersionUpgrade: true

Using Terraform

Terraform configuration file (.tf):

terraform {
 required_providers {
  aws = {
   source  = "hashicorp/aws"
   version = "~> 3.27"
  }
 }

 required_version = ">= 0.14.9"
}

provider "aws" {
 profile = "default"
 region  = "us-east-1"
}

resource "aws_db_instance" "rds-database-instance" {
 allocated_storage     = 20
 engine                = "mysql"
 engine_version        = "5.7"
 instance_class        = "db.t2.small"
 name                  = "mysqldb"
 username              = "ccmysqluser01"
 password              = "ccmysqluserpwd"
 parameter_group_name  = "default.mysql5.7"

 # Enable Auto Minor Version Upgrade for Database Instances
 auto_minor_version_upgrade = true

 apply_immediately = true
}

From Console

Log in to the AWS Management Console and navigate to the RDS dashboard at https://console.aws.amazon.com/rds/.
In the left navigation panel, click Databases.
Select the RDS instance that you want to update.
Click the Modify button in the top right.
On the Modify DB Instance: {{instance identifier}} page, in the Maintenance section, select Auto minor version upgrade and click the Yes radio button.
At the bottom of the page, click Continue and select Apply Immediately to apply the changes immediately, or select Apply during the next scheduled maintenance window to avoid any downtime.
Review the changes and click Modify DB Instance. The instance status should change from available to modifying and back to available. Once the feature is enabled, the Auto Minor Version Upgrade status should change to Yes.

From Command Line

Run the modify-db-instance command to enable the Auto Minor Version Upgrade feature for the selected Amazon RDS database instance. The following command example uses the --apply-immediately parameter to apply configuration changes asynchronously and as soon as possible. Any changes available in the pending modifications queue are also applied with this request. If any of the pending modifications require downtime, choosing this option can cause unexpected downtime for your RDS database application. If you omit the --apply-immediately parameter, Amazon RDS applies your changes during the next maintenance window:

aws rds modify-db-instance
    --region us-east-1
    --db-instance-identifier cc-project5-mysql-database
    --auto-minor-version-upgrade
    --apply-immediately

The command output should return the configuration metadata for the modified RDS database instance:

{
    "DBInstance": {
    "PubliclyAccessible": true,
    "MasterUsername": "ccadmin",
    "MonitoringInterval": 0,
    "LicenseModel": "general-public-license",
    ---
    "AutoMinorVersionUpgrade": true,
    "PreferredBackupWindow": "06:02-06:32",
    ---
    "DBInstanceClass": "db.t3.medium",
    "DbInstancePort": 0,
    "DBInstanceIdentifier": "cc-project5-mysql-database"
    }
}

Repeat the above steps for each Amazon RDS database instance available in the selected AWS Region.
Change the AWS Region by updating the --region command parameter value and repeat the process for other regions.