Remediation

Remediate AWS RDS Instances

Using AWS CloudFormation

CloudFormation template (YAML):

AWSTemplateFormatVersion: '2010-09-09'
Description: Enables automatic minor version upgrades for an existing RDS instance.

Parameters:
  DBInstanceIdentifier:
    Type: String
    Description: ID of the existing RDS instance

Resources:
  AutoMinorUpgradeRDS:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceIdentifier: !Ref DBInstanceIdentifier
      AutoMinorVersionUpgrade: true

Using Terraform

Terraform configuration file (.tf):

terraform {
 required_providers {
  aws = {
   source  = "hashicorp/aws"
   version = "~> 3.27"
  }
 }

 required_version = ">= 0.14.9"
}

provider "aws" {
 profile = "default"
 region  = "us-east-1"
}

resource "aws_db_instance" "rds-database-instance" {
 allocated_storage     = 20
 engine                = "mysql"
 engine_version        = "5.7"
 instance_class        = "db.t2.small"
 name                  = "mysqldb"
 username              = "ccmysqluser01"
 password              = "ccmysqluserpwd"
 parameter_group_name  = "default.mysql5.7"

 # Enable Auto Minor Version Upgrade for Database Instances
 auto_minor_version_upgrade = true

 apply_immediately = true
}

From Console

Log in to the AWS management console and navigate to the RDS dashboard at https://console.aws.amazon.com/rds/.
In the left navigation panel, click Databases.
Select the RDS instance that you want to update.
Click on the Modify button located at the top right side.
On the Modify DB Instance: <instance identifier> page, In the Maintenance section, select Auto minor version upgrade and click the Yes radio button.
At the bottom of the page, click Continue, and check Apply Immediately to apply the changes immediately, or select Apply during the next scheduled maintenance window to avoid any downtime.
Review the changes and click Modify DB Instance. The instance status should change from available to modifying and back to available. Once the feature is enabled, the Auto Minor Version Upgrade status should change to Yes.

From Command Line

Run modify-db-instance command (OSX/Linux/UNIX) to enable the Auto Minor Version Upgrade feature for the selected Amazon database instance. The following command request example makes use of --apply-immediately parameter to apply the configuration changes asynchronously and as soon as possible. Any changes available in the pending modifications queue are also applied with this request. If any of the pending modifications require downtime, choosing this option can cause unexpected downtime for your RDS database application. If you skip adding the --apply-immediately parameter to the command request, Amazon RDS will apply your changes during the next maintenance window:

aws rds modify-db-instance
  --region us-east-1
  --db-instance-identifier cc-project5-mysql-database
  --auto-minor-version-upgrade
  --apply-immediately

The command output should return the configuration metadata for the modified RDS database instance:

{
 "DBInstance": {
  "PubliclyAccessible": true,
  "MasterUsername": "ccadmin",
  "MonitoringInterval": 0,
  "LicenseModel": "general-public-license",
  ---
  "AutoMinorVersionUpgrade": true,
  "PreferredBackupWindow": "06:02-06:32",
  ---
  "DBInstanceClass": "db.t3.medium",
  "DbInstancePort": 0,
  "DBInstanceIdentifier": "cc-project5-mysql-database"
 }
}

Repeat the above steps for each Amazon RDS database instance available in the selected AWS region.
Change the AWS cloud region by updating the --region command parameter value and repeat the process for other regions.