Profile Applicability:
Level 1
Description:
Amazon MemoryDB for Redis is a fully managed, Redis-compatible, in-memory database service built for durability and low-latency performance. Minor version upgrades help ensure that the MemoryDB cluster is running the latest patch releases and improvements to address security, bug fixes, and performance optimizations. Enabling minor version upgrades automatically applies the latest patches without requiring manual intervention, ensuring that the service stays up-to-date and secure.
This SOP ensures that minor version upgrades are enabled for your MemoryDB clusters, which helps maintain the performance and security of your environment with minimal disruption.
Rationale:
Security: Minor version upgrades often include important security patches. Enabling automatic upgrades ensures that critical vulnerabilities are mitigated promptly.
Performance Improvements: Minor version upgrades can bring optimizations and improvements to the underlying system without breaking compatibility, improving the overall performance of your cluster.
Compliance: Many compliance frameworks (e.g., SOC 2, PCI-DSS, HIPAA) require that systems be updated with the latest security patches, which is facilitated by minor version upgrades.
Operational Efficiency: Automating the minor version upgrade process reduces administrative overhead and ensures that the MemoryDB cluster is always running the latest stable version.
Impact:
Pros:
Improved Security: Keeps the cluster protected by applying the latest security patches and bug fixes.
Better Performance: Optimizations in newer minor versions can lead to improved performance and reduced operational overhead.
Reduced Administrative Workload: Automating version upgrades reduces the need for manual intervention and maintenance.
Compliance: Meets regulatory requirements for maintaining up-to-date software.
Cons:
Potential Disruption: While minor upgrades are designed to be non-disruptive, they can occasionally cause brief interruptions in the service.
Compatibility: Some features may change with minor upgrades, and certain configurations may be impacted.
Testing Requirements: It is important to test minor upgrades in a staging environment to ensure that the new version does not negatively impact your workloads.
Default Value:
By default, MemoryDB clusters do not have minor version upgrades enabled. You must explicitly configure this setting to allow for automatic minor version upgrades.
Pre-requisite:
AWS IAM Permissions:
memorydb:DescribeClusters
memorydb:ModifyCluster
memorydb:CreateCluster
memorydb:UpdateCluster
AWS CLI installed and configured.
An active MemoryDB cluster that can be modified.
Automatic minor version upgrades should be enabled according to your organization's maintenance policy.
Remediation:
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to Amazon MemoryDB under Services.
In the MemoryDB Dashboard, select Clusters.
Choose the MemoryDB cluster for which you want to check the minor version upgrade status.
Under Cluster Settings, check the Auto Minor Version Upgrade setting:
If Auto Minor Version Upgrade is enabled, it will be indicated.
If Auto Minor Version Upgrade is disabled, it will be indicated as No.
If minor version upgrades are not enabled, click Modify Cluster and enable the Auto Minor Version Upgrade option.
Save the changes to enable automatic minor version upgrades for the cluster.
Using AWS CLI:
To check if minor version upgrades are enabled for a MemoryDB cluster, run:
aws memorydb describe-clusters --query 'Clusters[*].{ClusterId:ClusterId,AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}'If AutoMinorVersionUpgrade is false, enable minor version upgrades by running:
aws memorydb modify-cluster --cluster-id <cluster-id> --auto-minor-version-upgrade
To confirm the update, run:
aws memorydb describe-clusters --cluster-id <cluster-id> --query 'Clusters[*].{ClusterId:ClusterId,AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}'Implementation Steps:
Using AWS Console:
Log in to the AWS Management Console and navigate to Amazon MemoryDB.
In the MemoryDB Dashboard, select the cluster you want to modify.
Under Cluster Settings, locate the Auto Minor Version Upgrade option.
If Auto Minor Version Upgrade is disabled, click Modify Cluster.
Enable Auto Minor Version Upgrade and save the changes.
The cluster will automatically apply minor version upgrades according to the schedule.
Using AWS CLI:
To enable Auto Minor Version Upgrade, run:
aws memorydb modify-cluster --cluster-id <cluster-id> --auto-minor-version-upgrade
To verify the change, run:
aws memorydb describe-clusters --cluster-id <cluster-id> --query 'Clusters[*].{ClusterId:ClusterId,AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}'Backout Plan:
Console Process
Go to the MemoryDB Console:
Open the Amazon MemoryDB console.
Select your cluster from the list.
Enable Minor Version Upgrade:
Navigate to the Cluster Settings section.
Look for the Auto Minor Version Upgrade option and enable it.
Save the changes.
CLI Process
Update Cluster Settings:
aws memorydb update-cluster \ --cluster-name <cluster-name> \ --auto-minor-version-upgrade
Verify Settings:
aws memorydb describe-clusters --cluster-name <cluster-name>
Check the AutoMinorVersionUpgrade field in the output.
Note:
Testing: It is recommended to test minor version upgrades in a staging environment to confirm there are no compatibility or performance issues before enabling it on production clusters.
Monitoring: After enabling automatic minor version upgrades, regularly monitor the cluster for any issues that may arise due to upgrades.