Profile Applicability

  • Level 2

Description

The Auto Minor Version Upgrade feature for AWS Database Migration Service (DMS) replication instances ensures that minor engine upgrades, including security patches and performance improvements, are automatically applied during the maintenance window. Enabling this feature helps maintain the stability, security, and performance of your DMS instances without manual intervention.

Rationale

  • Enhanced Security: Ensures timely application of security patches.

  • Improved Performance: Keeps instances up-to-date with the latest minor version improvements.

  • Operational Efficiency: Reduces the need for manual upgrades, minimizing administrative overhead.

Impact

Pros:

  • Keeps DMS replication instances secure and up-to-date.

  • Reduces the risk of vulnerabilities due to outdated software.

  • Simplifies maintenance by automating minor version upgrades.

Cons:

  • May introduce changes that require compatibility testing.

  • Requires proper scheduling of maintenance windows to avoid disruptions.

Default Value

By default, Auto Minor Version Upgrade is disabled for DMS replication instances. It must be explicitly enabled during instance creation or modification.

Pre-Requisite

IAM Permissions Required:

  • dms:DescribeReplicationInstances

  • dms:ModifyReplicationInstance

AWS CLI installed and configured.

Remediation

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Database Migration Service (DMS) > Replication Instances.

  3. Select the replication instance to check its configuration.

  4. Under the Maintenance section, verify if Auto Minor Version Upgrade is enabled.

Using AWS CLI:

  1. Describe the replication instance:

    aws dms describe-replication-instances --filters Name=replication-instance-id,Values=<instance-id>

  2. Check the AutoMinorVersionUpgrade field in the output. Ensure it is set to true.

Implementation Steps:

Using AWS Console:

  1. Navigate to Database Migration Service (DMS) > Replication Instances.

  2. Select the replication instance to update.

  3. Click Modify and enable Auto Minor Version Upgrade under the Maintenance section.

  4. Save the changes.

Using AWS CLI:

  1. Enable Auto Minor Version Upgrade for the replication instance:

    aws dms modify-replication-instance \
    --replication-instance-arn <instance-arn> \
    --auto-minor-version-upgrade

  2. Verify the updated configuration:

    aws dms describe-replication-instances --filters Name=replication-instance-id,Values=<instance-id>
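A scripted form of the CLI check above that evaluates every replication instance returned by one `describe-replication-instances` call and prints the enable command for each failure (an added example, not part of the original benchmark text). The script name `audit_dms.py`, the sample data, and the choice to report a missing `AutoMinorVersionUpgrade` field as a failure are assumptions.

```python
import json
import shlex
import sys

# Constructed sample in the shape of `aws dms describe-replication-instances`
# JSON output; identifiers, account ID, ARNs and versions are made up.
SAMPLE = """
{"ReplicationInstances": [
  {"ReplicationInstanceIdentifier": "dms-prod", "EngineVersion": "3.5.2",
   "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111122223333:rep:EXAMPLEA",
   "AutoMinorVersionUpgrade": true, "PreferredMaintenanceWindow": "sun:06:00-sun:06:30"},
  {"ReplicationInstanceIdentifier": "dms-legacy", "EngineVersion": "3.4.7",
   "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111122223333:rep:EXAMPLEB",
   "AutoMinorVersionUpgrade": false, "PreferredMaintenanceWindow": "sat:03:00-sat:03:30"},
  {"ReplicationInstanceIdentifier": "dms-nofield", "EngineVersion": "3.5.1",
   "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111122223333:rep:EXAMPLEC"}
]}
"""

def audit(describe_output):
    """Return one finding per replication instance that fails the check."""
    findings = []
    for inst in describe_output.get("ReplicationInstances", []):
        # Only a literal true passes; a missing field is reported, not assumed.
        if inst.get("AutoMinorVersionUpgrade") is True:
            continue
        arn = inst["ReplicationInstanceArn"]
        findings.append({
            "id": inst.get("ReplicationInstanceIdentifier", "?"),
            "engine_version": inst.get("EngineVersion", "unknown"),
            "maintenance_window": inst.get("PreferredMaintenanceWindow", "unset"),
            # Same enable command as in the implementation steps.
            "fix": "aws dms modify-replication-instance --replication-instance-arn "
                   + shlex.quote(arn) + " --auto-minor-version-upgrade",
        })
    return findings

def main(argv):
    # Real use (hypothetical file name):
    #   aws dms describe-replication-instances --output json | python3 audit_dms.py -
    raw = sys.stdin.read() if argv[1:] == ["-"] else SAMPLE
    findings = audit(json.loads(raw))
    for f in findings:
        print(f"FAIL {f['id']} engine={f['engine_version']} window={f['maintenance_window']}")
        print(f"  fix: {f['fix']}")
    return 1 if findings else 0  # non-zero exit lets a CI job fail on findings

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The reported maintenance window is where the minor upgrade will land once the setting is enabled, so review it before running the printed command.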

Backout Plan

Using AWS Console:

  1. If enabling Auto Minor Version Upgrade causes issues, sign in to the AWS Management Console.

  2. Navigate to AWS DMS, select the replication instance, and go to the Modify settings.

  3. Set Auto Minor Version Upgrade to No.

  4. Save the changes and verify that the instance is no longer automatically upgrading to newer minor versions.

Using AWS CLI:

  1. To disable Auto Minor Version Upgrade, run:

    aws dms modify-replication-instance --replication-instance-arn <REPLICATION_INSTANCE_ARN> --no-auto-minor-version-upgrade

  2. Verify that the setting has been updated by running:

    aws dms describe-replication-instances --filters Name=replication-instance-arn,Values=<REPLICATION_INSTANCE_ARN>

References

CIS Controls

| Version | Control ID | Control Description | IG1 | IG2 | IG3 |
|---------|------------|---------------------|-----|-----|-----|
| v8 | 5.3 | Securely Manage Network Infrastructure – Ensure network devices are resilient and fault-tolerant. | | | |
| v8 | 13.2 | Ensure Secure Network Communication – Implement measures that prevent disruption during network changes. | | | |