Profile Applicability:
- Level 1
Description:
Amazon RDS supports minor version upgrades for database engines to ensure that instances are running the latest bug fixes, performance improvements, and security patches. Enabling minor version upgrades allows RDS instances to automatically upgrade to newer minor versions when they become available, keeping the database environment secure and up-to-date. This is important for maintaining the stability, security, and performance of your RDS instances while minimizing manual intervention.
This SOP ensures that minor version upgrades are enabled for RDS instances to improve security and system reliability with minimal downtime.
Rationale:
Security and Compliance: Ensures that the RDS instances stay up-to-date with the latest security patches and bug fixes, reducing vulnerabilities.
Operational Efficiency: Automates the process of keeping RDS instances updated, reducing the need for manual intervention and administrative overhead.
Performance Improvements: Minor version upgrades often include performance improvements and new features that can enhance the operation of the database.
Compliance with Best Practices: Ensures RDS instances are running supported and stable versions of the database engine, in line with AWS best practices for operational efficiency and security.
Impact:
Pros:
Improved Security: Reduces exposure to known vulnerabilities by automatically applying security patches in minor version upgrades.
Reduced Management Overhead: Automation of version upgrades reduces the need for manual upgrades and helps ensure RDS instances are always running the most recent, stable versions.
Better Performance: Minor upgrades often include performance enhancements, which can improve database responsiveness and reduce operational costs.
Compliance: Meets compliance requirements for patch management and system updates, ensuring that the database is always running a supported version.
Cons:
Possible Downtime: Even though minor upgrades are designed to minimize disruption, they can cause temporary downtime during the upgrade process.
Compatibility Issues: Some applications or users might face compatibility issues with new features or changes introduced by minor version upgrades.
Configuration Overhead: Enabling minor version upgrades requires configuration and management, and not all database engines support automatic upgrades.
Default Value:
By default, RDS instances do not have minor version upgrades enabled. This feature must be explicitly configured when creating or modifying the RDS instance.
Pre-requisite:
AWS IAM Permissions:
rds:DescribeDBInstances
rds:ModifyDBInstance
rds:CreateDBInstance
AWS CLI installed and configured.
Ensure RDS instances are running supported database versions that allow minor version upgrades.
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to Amazon RDS under Services.
In the RDS Dashboard, go to Databases and select the DB instance you want to check for minor version upgrades.
In the Configuration tab, check the Auto Minor Version Upgrade setting:
If Auto Minor Version Upgrade is enabled, it will show as Yes.
If Auto Minor Version Upgrade is disabled, you will need to enable it.
If auto minor version upgrade is not enabled, click Modify, and under the Database Options section, check the box to Enable Auto Minor Version Upgrade.
Save the changes and ensure that minor version upgrades will be automatically applied to the DB instance.
Using AWS CLI:
To check if auto minor version upgrade is enabled for an RDS instance, run:
aws rds describe-db-instances --query 'DBInstances[*].{DBInstanceIdentifier:DBInstanceIdentifier, AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}'
Review the output:
If AutoMinorVersionUpgrade is true, minor version upgrades are enabled.
If AutoMinorVersionUpgrade is false, minor version upgrades are not enabled.
To enable auto minor version upgrade for an RDS instance, run:
aws rds modify-db-instance --db-instance-identifier <instance-id> --auto-minor-version-upgrade --apply-immediately
Verify that auto minor version upgrade is enabled:
aws rds describe-db-instances --query 'DBInstances[*].{DBInstanceIdentifier:DBInstanceIdentifier, AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}'
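Added example (not part of the original SOP): a POSIX shell audit for the CLI check above that turns the describe-db-instances output into a list of non-compliant instances and prints the matching modify-db-instance commands for review. It assumes the list-form query with --output text shown in the comment, which fixes the column order; the instance identifiers in the sample are constructed.

```shell
#!/bin/sh
# Constructed sample of the tab-separated output of:
#   aws rds describe-db-instances --output text \
#     --query 'DBInstances[*].[DBInstanceIdentifier,AutoMinorVersionUpgrade]'
# The identifiers are made up for this example.
SAMPLE_OUTPUT="$(printf 'orders-prod\tTrue\nreporting-db\tFalse\nlegacy-billing\tFalse\nsessions-cache\tTrue\n')"

# Read the two-column text on stdin and print the identifiers whose
# AutoMinorVersionUpgrade column is not true. Identifiers that are not
# letters, digits and hyphens starting with a letter are rejected, so the
# value is safe to place on a generated command line.
noncompliant_instances() {
    awk -F '\t' '
        NF < 2 { next }    # skip blank or short lines
        $1 !~ /^[A-Za-z][A-Za-z0-9-]*$/ {
            printf "skipping unexpected identifier: %s\n", $1 > "/dev/stderr"
            next
        }
        tolower($2) != "true" { print $1 }
    '
}

# Print (do not execute) the enable command from the procedure for each
# non-compliant instance, so the change can be reviewed before it is run.
remediation_commands() {
    noncompliant_instances | while IFS= read -r id; do
        printf 'aws rds modify-db-instance --db-instance-identifier %s --auto-minor-version-upgrade --apply-immediately\n' "$id"
    done
}

# Exit status for a scheduled job: 0 when every instance on stdin is
# compliant, 1 when at least one is not.
audit_status() {
    [ -z "$(noncompliant_instances)" ]
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | remediation_commands
```

Against a live account, pipe the command from the comment into remediation_commands or audit_status instead of the sample.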
Implementation Steps:
Using AWS Console:
Log in to the AWS Management Console and navigate to Amazon RDS.
In the RDS Dashboard, select Databases and choose the DB instance for which you want to enable minor version upgrades.
Click Modify in the Cluster Details section.
Under the Database Options section, select Enable Auto Minor Version Upgrade.
Click Continue and then Apply Changes to enable the setting.
Using AWS CLI:
To enable auto minor version upgrade, run:
aws rds modify-db-instance --db-instance-identifier <instance-id> --auto-minor-version-upgrade --apply-immediately
Verify the changes:
aws rds describe-db-instances --query 'DBInstances[*].{DBInstanceIdentifier:DBInstanceIdentifier, AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}'
Backout Plan:
Using AWS Console:
If enabling auto minor version upgrades causes issues, sign in to the AWS Management Console.
Navigate to Amazon RDS, select the DB instance, and click Modify.
Uncheck the Auto minor version upgrade option.
Save the changes, and the automatic minor version upgrades will be disabled.
Using AWS CLI:
To disable auto minor version upgrades, run the following command:
aws rds modify-db-instance --db-instance-identifier <DB_INSTANCE_ID> --no-auto-minor-version-upgrade --apply-immediately
Verify that auto minor version upgrades have been disabled:
aws rds describe-db-instances --db-instance-identifier <DB_INSTANCE_ID>