v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 13 RDS automatic minor version upgrades should be enabled

Description

This control checks whether automatic minor version upgrades are enabled for the RDS database instance.

Enabling automatic minor version upgrades ensures that the latest minor version updates to the relational database management system (RDBMS) are installed. These upgrades might include security patches and bug fixes. Keeping up to date with patch installation is an important step in securing systems.

Remediation

You can enable minor version upgrades for a DB instance from the Amazon RDS console.

To enable automatic minor version upgrades for an existing DB instance

  1. Open the Amazon RDS console.
  2. Choose Databases.
  3. Choose the DB instance to modify.
  4. Choose Modify.
  5. Under Maintenance, select Yes for Auto minor version upgrade.
  6. Choose Continue.
  7. Under Scheduling of modifications, choose when to apply modifications: Apply during the next scheduled maintenance window or Apply immediately.
  8. Choose Modify DB Instance.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_rds_13

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_rds_13 --share

SQL

This control uses a named query:

rds_db_instance_automatic_minor_version_upgrade_enabled

Tags

aws_foundational_security = true
category = Compliance
foundational_security_category = vulnerability_and_patch_management
foundational_security_item_id = rds_13
plugin = aws
service = AWS/RDS