v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 6 Enhanced monitoring should be configured for RDS DB instances and clusters

Description

This control checks whether enhanced monitoring is enabled for your RDS DB instances.

In Amazon RDS, Enhanced Monitoring enables a more rapid response to performance changes in underlying infrastructure. These performance changes could result in a lack of availability of the data. Enhanced Monitoring provides real-time metrics of the operating system that your RDS DB instance runs on. An agent is installed on the instance. The agent can obtain metrics more accurately than is possible from the hypervisor layer.

Enhanced Monitoring metrics are useful when you want to see how different processes or threads on a DB instance use the CPU.

Remediation

For detailed instructions on how to enable Enhanced Monitoring for your DB instance, see Setting up for and enabling Enhanced Monitoring.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_rds_6

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_rds_6 --share

SQL

This control uses a named query:

rds_db_instance_and_cluster_enhanced_monitoring_enabled

Tags

aws_foundational_security = true
category = Compliance
foundational_security_category = detection_services
foundational_security_item_id = rds_6
plugin = aws
service = AWS/RDS