Profile Applicability:
- Level 2
Description:
Amazon RDS offers minor version upgrades for supported database engines. Minor version upgrades typically include bug fixes, performance improvements, and security patches that do not introduce any breaking changes to the database instance. Enabling automatic minor version upgrades for RDS clusters ensures that your database remains up to date with the latest fixes, improving overall security and performance while minimizing the manual overhead of managing version upgrades.
This SOP ensures that RDS clusters are configured to automatically apply minor version upgrades.
Rationale:
Security: Minor version upgrades often include important security patches that mitigate vulnerabilities and protect against potential exploits.
Bug Fixes: These upgrades address known bugs and improve the stability of the RDS instance.
Performance: Many minor version upgrades come with performance improvements, optimizations, and new features that can enhance the database’s functionality.
Compliance: Keeping RDS instances up to date with supported versions is required by many compliance frameworks (e.g., PCI-DSS, SOC 2, HIPAA).
Impact:
Pros:
Automated Updates: Enabling minor version upgrades allows for seamless updates without requiring manual intervention, reducing operational overhead.
Security Enhancements: The latest security patches and bug fixes will be automatically applied, ensuring the database is protected from known vulnerabilities.
Improved Stability: Applying minor upgrades reduces the risk of issues arising from outdated versions and ensures database reliability.
Compliance: Helps maintain compliance with regulatory requirements that require database systems to be kept up to date with the latest patches.
Cons:
Compatibility Issues: Although minor upgrades are designed not to introduce breaking changes, there may still be some unexpected compatibility issues with specific applications or configurations.
Performance Overhead: Minor upgrades may cause a slight performance overhead during the upgrade process itself, though this is typically minimal.
Default Value:
By default, minor version upgrades are disabled for RDS clusters. They must be explicitly enabled during the creation or modification of the RDS cluster.
Pre-requisite:
AWS IAM Permissions:
rds:DescribeDBClusters
rds:ModifyDBCluster
rds:CreateDBCluster
AWS CLI installed and configured.
Ensure that the selected database engine (e.g., MySQL, PostgreSQL, MariaDB) supports minor version upgrades.
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to Amazon RDS under Services.
In the RDS Dashboard, go to Databases and select the RDS cluster you want to check.
In the Configuration tab, check the Minor Version Upgrade setting:
If minor version upgrades are enabled, it will be set to Yes.
If minor version upgrades are disabled, it will show No.
If minor version upgrades are disabled, click Modify, and in the DB Engine Version section, enable Auto minor version upgrade.
Save the changes and verify that minor version upgrades are now enabled for the RDS cluster.
Using AWS CLI:
To check if minor version upgrades are enabled for an RDS cluster, run the following command:
aws rds describe-db-clusters --query 'DBClusters[*].{DBClusterIdentifier:DBClusterIdentifier,AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}'
Review the output:
If AutoMinorVersionUpgrade is true, minor version upgrades are enabled.
If AutoMinorVersionUpgrade is false, minor version upgrades are not enabled.
To enable minor version upgrades, run:
aws rds modify-db-cluster --db-cluster-identifier <cluster-id> --auto-minor-version-upgrade --apply-immediately
Verify that minor version upgrades are enabled:
aws rds describe-db-clusters --query 'DBClusters[*].{DBClusterIdentifier:DBClusterIdentifier,AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}'
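As an added example (not part of the original SOP or of AWS tooling), the Python script below audits the JSON output of the describe-db-clusters command above and fails closed: a cluster whose AutoMinorVersionUpgrade value is missing or null is reported as non-compliant rather than silently passed. The sample input, cluster names, and function names are constructed for illustration.

```python
import json
import shlex
import sys

# Constructed sample shaped like `aws rds describe-db-clusters --output json`.
# Cluster names and versions are made up for illustration.
SAMPLE = """{"DBClusters": [
 {"DBClusterIdentifier": "orders-prod", "Engine": "mysql",
  "EngineVersion": "8.0.35", "AutoMinorVersionUpgrade": true},
 {"DBClusterIdentifier": "billing-prod", "Engine": "postgres",
  "EngineVersion": "15.4", "AutoMinorVersionUpgrade": false},
 {"DBClusterIdentifier": "legacy-reporting", "Engine": "mysql",
  "EngineVersion": "8.0.32"}
]}"""

def classify(cluster):
    """Map one DBClusters entry to 'enabled', 'disabled' or 'unknown'."""
    value = cluster.get("AutoMinorVersionUpgrade")
    if value is True:
        return "enabled"
    if value is False:
        return "disabled"
    return "unknown"  # key absent or null, so the setting cannot be confirmed

def audit(describe_output):
    """Parse describe-db-clusters JSON into one finding per cluster."""
    clusters = json.loads(describe_output).get("DBClusters", [])
    return [{"cluster": c.get("DBClusterIdentifier", "<missing-id>"),
             "engine": c.get("Engine", "?"),
             "version": c.get("EngineVersion", "?"),
             "state": classify(c)} for c in clusters]

def non_compliant(findings):
    """Fail closed: anything not explicitly enabled needs attention."""
    return [f["cluster"] for f in findings if f["state"] != "enabled"]

def remediation_commands(findings):
    """Emit the SOP's enable command only for clusters reported as disabled;
    'unknown' ones need an engine-support check first."""
    return ["aws rds modify-db-cluster --db-cluster-identifier "
            + shlex.quote(f["cluster"])
            + " --auto-minor-version-upgrade --apply-immediately"
            for f in findings if f["state"] == "disabled"]

if __name__ == "__main__":
    # Use piped CLI output when present, otherwise the constructed sample.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    results = audit(piped.strip() or SAMPLE)
    for f in results:
        print(f["cluster"], f["engine"], f["version"], f["state"], sep="\t")
    print("\n".join(remediation_commands(results)))
    sys.exit(1 if non_compliant(results) else 0)
```

To audit a real account, pipe the output of aws rds describe-db-clusters --output json into the script; it exits non-zero when any cluster is not explicitly enabled, which makes it usable as a scheduled compliance check.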
Implementation Steps:
Using AWS Console:
Log in to the AWS Management Console and navigate to Amazon RDS.
In the RDS Dashboard, select Databases and choose the RDS cluster for which you want to enable minor version upgrades.
Click Modify.
In the DB Engine Version section, check the box to enable Auto minor version upgrade.
Click Continue, then Apply Changes to enable minor version upgrades.
Using AWS CLI:
To enable minor version upgrades for an RDS cluster, run the following command:
aws rds modify-db-cluster --db-cluster-identifier <cluster-id> --auto-minor-version-upgrade --apply-immediately
To verify that minor version upgrades are enabled, run:
aws rds describe-db-clusters --query 'DBClusters[*].{DBClusterIdentifier:DBClusterIdentifier,AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}'
Backout Plan:
Using AWS Console:
If enabling automatic minor version upgrades causes issues, sign in to the AWS Management Console.
Navigate to Amazon RDS, select the DB cluster, and click Modify.
Uncheck the Auto minor version upgrade option.
Save the changes and verify that automatic minor version upgrades are disabled.
Using AWS CLI:
To disable automatic minor version upgrades, run the following command:
aws rds modify-db-cluster --db-cluster-identifier <CLUSTER_ID> --no-auto-minor-version-upgrade --apply-immediately
Verify that automatic minor version upgrades have been disabled:
aws rds describe-db-clusters --db-cluster-identifier <CLUSTER_ID> --query 'DBClusters[0].AutoMinorVersionUpgrade'