iCompaas Support

Profile Applicability:

• Level 2

Description:

Amazon RDS allows the management of database configurations through parameter groups, which define settings for various database parameters such as memory, timeouts, and others. Monitoring and subscribing to RDS parameter group events are essential to receive notifications when significant changes or updates are made to parameter groups, such as configuration updates or status changes.

This SOP ensures that RDS parameter group events are subscribed to, providing database administrators with real-time notifications whenever key configuration changes occur, ensuring better management, troubleshooting, and compliance.

Rationale:

• Proactive Monitoring: By subscribing to parameter group events, you get immediate alerts when changes are made to your database configuration.

• Operational Visibility: Monitoring RDS parameter group events helps maintain visibility into the database configurations and any changes to them.

• Security and Compliance: Many compliance frameworks require monitoring of database configurations and changes to ensure that only authorized changes are made.

• Error Detection: Helps detect and resolve potential configuration issues before they impact the database's performance or stability.

Impact:

Pros:

• Immediate Alerts: Timely notifications help administrators react quickly to parameter changes, ensuring minimal downtime and disruption.

• Improved Security: Ensures that all changes to parameter groups are tracked and can be audited for security and compliance purposes.

• Enhanced Troubleshooting: Provides insights into changes that may affect database performance or functionality, making it easier to troubleshoot issues.

Cons:

• Notification Overload: Without proper filtering, subscribing to all parameter group events could generate a large number of notifications, leading to alert fatigue.

• Management Overhead: Setting up event subscriptions and ensuring they align with operational needs requires initial configuration and ongoing management.

Default Value:

By default, RDS parameter group events are not subscribed. You need to explicitly create event subscriptions to monitor parameter group changes.

Pre-requisite:

• AWS IAM Permissions:

  • rds:DescribeEventSubscriptions

  • rds:CreateEventSubscription

  • sns:Publish

• AWS CLI installed and configured.

• Ensure an SNS topic exists for receiving event notifications.

Test Plan:

Using AWS Console:

1. Sign in to the AWS Management Console.

2. Navigate to Amazon RDS under Services.

3. In the RDS Dashboard, go to Event Subscriptions under the Events section.

4. Review the list of existing event subscriptions:

   • Ensure there is an active subscription for parameter group events.

   • Check if the SNS topic is associated with the event subscription to notify administrators.

5. If no subscription exists, click Create Event Subscription.

   • Select RDS Parameter Group as the Source Type.

   • Choose the event categories for parameter group changes (e.g., configuration change).

   • Select the SNS topic for event notifications.

6. Save the changes and verify that notifications are being sent to the SNS topic.

Using AWS CLI:

1. To check for existing event subscriptions, run:
   

   aws rds describe-event-subscriptions --query 'EventSubscriptionsList[*].[SubscriptionName, SnsTopicArn, Enabled]'

2. Review the output and verify that parameter group events are subscribed.
   

3. To create a new event subscription for parameter groups, run:
   

   aws rds create-event-subscription --subscription-name <subscription-name> --sns-topic-arn <sns-topic-arn> --source-type db-parameter-group --event-categories "configuration change", "maintenance"

4. Verify the event subscription:
   

   aws rds describe-event-subscriptions --subscription-name <subscription-name>

Implementation Steps:

Using AWS Console:

1. Log in to the AWS Management Console and navigate to Amazon RDS.

2. In the RDS Dashboard, go to Event Subscriptions.

3. Click Create Event Subscription.

4. Provide the following details:

   • Subscription Name: Choose a name for the event subscription.

   • SNS Topic ARN: Select an SNS topic for event notifications.

   • Source Type: Select DB Parameter Group.

   • Event Categories: Choose event categories such as configuration change, maintenance, and other parameter-related events.

5. Click Create Subscription and ensure it is applied correctly.

6. Test the subscription by triggering an event (e.g., by modifying the RDS parameter group) and verifying the notification.

Using AWS CLI:

1. To create an event subscription for parameter groups, run:
   

   aws rds create-event-subscription --subscription-name <subscription-name> --sns-topic-arn <sns-topic-arn> --source-type db-parameter-group --event-categories "configuration change", "maintenance"

2. Verify the subscription using:
   

   aws rds describe-event-subscriptions --subscription-name <subscription-name>

Backout Plan:

Using AWS Console:

1. If subscribing to parameter group events causes issues or unnecessary notifications, sign in to the AWS Management Console.

2. Navigate to Amazon RDS, select Event Subscriptions, and find the subscription for parameter group events.

3. Delete or modify the subscription as needed.

Using AWS CLI:

1. To remove the event subscription, run the following command:
   

   aws rds delete-event-subscription --subscription-name <SUBSCRIPTION_NAME>

2. Verify that the subscription has been deleted:
   

   aws rds describe-event-subscriptions --subscription-name <SUBSCRIPTION_NAME>

References:

• Amazon RDS Documentation: Event Subscriptions

• AWS CLI: create-event-subscription

• AWS CLI: describe-event-subscriptions

CIS Controls Mapping: