Profile Applicability:
 Level 1

Description:
 Implementing monitoring and alerting for Amazon Aurora ensures that the database's health, performance, and security are actively monitored. This includes using AWS-native services such as CloudWatch, RDS Enhanced Monitoring, and CloudTrail to track key metrics and to set up alerts that notify administrators about issues like resource exhaustion, configuration changes, or security events.

Rationale:
 Proactive monitoring helps detect issues early, minimizing downtime and ensuring the smooth operation of the database. Setting up alerts enables automatic notifications in the event of performance degradation, security incidents, or misconfigurations, which allows for quick resolution and reduces the risk of data loss or service interruptions.

Impact:
 Without effective monitoring and alerting, potential issues such as high CPU usage, low disk space, or unauthorized access might go unnoticed, leading to downtime, security breaches, or data loss. Enabling monitoring and alerting ensures that database performance and security are continuously tracked, with prompt notification in case of problems.

Default Value:
 By default, Amazon Aurora has basic monitoring enabled through Amazon CloudWatch with limited metrics, such as CPU utilization, memory usage, and disk space. Enhanced Monitoring and detailed alerting must be explicitly configured.

Pre-requisites:

  • An AWS account with administrative access to configure Aurora and monitoring services.

  • Basic understanding of CloudWatch, RDS Enhanced Monitoring, and CloudTrail.

  • Configured SNS Topics for alert notifications.

Test Plan:

Using AWS Console:

  1. Navigate to RDS > Databases, select your Aurora instance, and check the Monitoring section.

  2. Verify that Enhanced Monitoring is enabled for the Aurora instance and that the correct monitoring interval is set.

  3. Review CloudWatch Alarms for the instance to ensure alerts are set for important metrics like CPU utilization, disk space, and memory.

  4. Ensure that CloudTrail is enabled for RDS to capture all API activities related to the Aurora instance.

  5. Check SNS Topics to confirm that alerts are being sent to the correct email addresses or Lambda functions for automated responses.

Using AWS CLI:

  1. Run the following command to verify Enhanced Monitoring for the Aurora instance (a MonitoringInterval of 0 means Enhanced Monitoring is disabled; a non-zero interval must be accompanied by a MonitoringRoleArn):

     aws rds describe-db-instances --query "DBInstances[].{DBInstanceIdentifier:DBInstanceIdentifier, MonitoringInterval:MonitoringInterval, MonitoringRoleArn:MonitoringRoleArn}"


  2. List CloudWatch Alarms in the AWS/RDS namespace, with the metric and the instance dimension each one is scoped to:

     aws cloudwatch describe-alarms --query "MetricAlarms[?Namespace=='AWS/RDS'].{AlarmName:AlarmName, MetricName:MetricName, Dimensions:Dimensions, AlarmActions:AlarmActions}"


  3. Check the CloudTrail status for monitoring RDS activities:

     aws cloudtrail describe-trails --query "trailList[].{TrailName:Name, S3BucketName:S3BucketName}"


  4. Verify SNS Topics for alert notifications:

     aws sns list-topics --query "Topics[]"
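The four CLI checks above each print raw JSON that still has to be interpreted by hand. The script below is an added example, not part of this benchmark or of any AWS tooling: it evaluates the same checks offline against the parsed output of those calls (describe-db-instances, describe-alarms, describe-trails, and get-trail-status, which is needed because describe-trails does not report whether a trail is actually logging). The SAMPLE_* data, account id, ARNs and instance names are constructed placeholders; run it with four paths to saved JSON output to audit a real account.

```python
"""Offline audit of the Aurora monitoring checks above (added example).

Inputs are the parsed JSON of these AWS CLI calls (or the matching boto3 responses):
  aws rds describe-db-instances --output json
  aws cloudwatch describe-alarms --output json
  aws cloudtrail describe-trails --output json
  aws cloudtrail get-trail-status --name <trail-name> --output json
      (one call per trail, collected into a dict keyed by trail name)
The SAMPLE_* data below is constructed for this example; account ids, ARNs and
instance names are placeholders.
"""
import json
import sys
from typing import Dict, List

# Constructed sample: one compliant instance, one with Enhanced Monitoring off.
SAMPLE_INSTANCES = {"DBInstances": [
    {"DBInstanceIdentifier": "aurora-prod-1", "Engine": "aurora-mysql",
     "MonitoringInterval": 60,
     "MonitoringRoleArn": "arn:aws:iam::111122223333:role/rds-monitoring-role"},
    {"DBInstanceIdentifier": "aurora-dev-1", "Engine": "aurora-postgresql",
     "MonitoringInterval": 0},
]}
# Constructed sample alarms: only aurora-prod-1 has an AWS/RDS alarm wired to SNS.
SAMPLE_ALARMS = {"MetricAlarms": [
    {"AlarmName": "HighCPUUtilization", "Namespace": "AWS/RDS",
     "MetricName": "CPUUtilization",
     "Dimensions": [{"Name": "DBInstanceIdentifier", "Value": "aurora-prod-1"}],
     "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:db-alerts"]},
]}
SAMPLE_TRAILS = {"trailList": [
    {"Name": "org-trail", "S3BucketName": "org-trail-logs", "IsMultiRegionTrail": True},
]}
SAMPLE_TRAIL_STATUS = {"org-trail": {"IsLogging": True}}


def is_aurora(db: dict) -> bool:
    return db.get("Engine", "").startswith("aurora")


def audit_instances(instances: dict) -> List[str]:
    """Enhanced Monitoring is off when MonitoringInterval is 0; it also needs an IAM role."""
    findings = []
    for db in filter(is_aurora, instances.get("DBInstances", [])):
        ident = db["DBInstanceIdentifier"]
        if db.get("MonitoringInterval", 0) == 0:
            findings.append(f"{ident}: Enhanced Monitoring disabled (MonitoringInterval=0)")
        elif not db.get("MonitoringRoleArn"):
            findings.append(f"{ident}: MonitoringInterval set but no MonitoringRoleArn")
    return findings


def audit_alarms(instances: dict, alarms: dict) -> List[str]:
    """Every Aurora instance needs at least one AWS/RDS alarm scoped to it by the
    DBInstanceIdentifier dimension whose alarm action is an SNS topic."""
    findings, covered = [], set()
    for a in alarms.get("MetricAlarms", []):
        if a.get("Namespace") != "AWS/RDS":
            continue
        dims = {d["Name"]: d["Value"] for d in a.get("Dimensions", [])}
        target = dims.get("DBInstanceIdentifier")
        if target is None:
            continue  # an alarm without an instance dimension matches no Aurora data
        if not any(act.startswith("arn:aws:sns:") for act in a.get("AlarmActions", [])):
            findings.append(f"{a['AlarmName']}: no SNS alarm action configured")
            continue
        covered.add(target)
    for db in filter(is_aurora, instances.get("DBInstances", [])):
        ident = db["DBInstanceIdentifier"]
        if ident not in covered:
            findings.append(f"{ident}: no CloudWatch alarm with an SNS action targets this instance")
    return findings


def audit_trails(trails: dict, statuses: Dict[str, dict]) -> List[str]:
    """Require at least one multi-region trail that is actually logging."""
    for t in trails.get("trailList", []):
        if t.get("IsMultiRegionTrail") and statuses.get(t["Name"], {}).get("IsLogging"):
            return []
    return ["no multi-region CloudTrail trail is currently logging"]


def audit(instances, alarms, trails, statuses) -> List[str]:
    return (audit_instances(instances) + audit_alarms(instances, alarms)
            + audit_trails(trails, statuses))


if __name__ == "__main__":
    if len(sys.argv) == 5:  # paths to the four saved JSON documents, in the order above
        data = [json.load(open(p)) for p in sys.argv[1:]]
    else:
        data = [SAMPLE_INSTANCES, SAMPLE_ALARMS, SAMPLE_TRAILS, SAMPLE_TRAIL_STATUS]
    for finding in audit(*data):
        print("FINDING:", finding)
```

Against the constructed sample the script reports two findings, both for aurora-dev-1 (Enhanced Monitoring off, no alarm targeting it); the trail check passes only because the get-trail-status document says IsLogging is true, which is the detail the plain describe-trails query cannot show.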


Implementation Plan:

Using AWS Console:

  1. Navigate to RDS > Databases, select the Aurora instance, and click Modify.

  2. Enable Enhanced Monitoring and set the monitoring interval (e.g., 60 seconds).

  3. Set up CloudWatch Alarms for critical performance metrics such as CPU usage, memory, disk space, and replication lag.

  4. Ensure that CloudTrail is enabled to capture all API activity for the Aurora instance.

  5. Create an SNS Topic for each alarm to send notifications to administrators, such as via email or automated systems.

  6. Apply the changes to start monitoring and receiving alerts.

Using AWS CLI:

  1. Enable Enhanced Monitoring (a non-zero interval requires an IAM role that RDS can assume to publish metrics, passed via --monitoring-role-arn):

     aws rds modify-db-instance --db-instance-identifier <db-instance-id> --monitoring-interval 60 --monitoring-role-arn arn:aws:iam::<account-id>:role/<monitoring-role-name> --apply-immediately


  2. Set up CloudWatch Alarms for metrics like CPU utilization (the DBInstanceIdentifier dimension scopes the alarm to the instance; without it the alarm matches no data):

     aws cloudwatch put-metric-alarm --alarm-name "HighCPUUtilization" --metric-name CPUUtilization --namespace AWS/RDS --dimensions Name=DBInstanceIdentifier,Value=<db-instance-id> --statistic Average --period 300 --threshold 85 --comparison-operator GreaterThanThreshold --evaluation-periods 1 --alarm-actions arn:aws:sns:<region>:<account-id>:<sns-topic-name>


  3. Enable CloudTrail for RDS API activities (create-trail only defines the trail; start-logging is what begins recording events):

     aws cloudtrail create-trail --name <trail-name> --s3-bucket-name <bucket-name> --is-multi-region-trail --include-global-service-events

     aws cloudtrail start-logging --name <trail-name>


  4. List SNS Topics for alerts:

     aws sns list-topics --query "Topics[]"
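Step 2 shows a single CPU alarm; in practice the console step above asks for CPU, memory, disk space, and replication lag, and the "free" metrics need the opposite comparison direction. The script below is an added example, not AWS code and not part of this benchmark: it builds a consistent alarm set for one Aurora instance as the keyword arguments boto3's put_metric_alarm() accepts, renders each as an equivalent aws CLI command, and applies them when given a boto3 CloudWatch client. The instance id, SNS topic ARN and thresholds are assumptions for illustration.

```python
"""Desired-state CloudWatch alarms for one Aurora instance (added example).

build_alarm_specs() returns the keyword arguments accepted by boto3's
cloudwatch.put_metric_alarm(); to_cli() renders the equivalent
`aws cloudwatch put-metric-alarm` command for copy-and-paste. The instance id,
SNS topic ARN and thresholds below are assumptions for this example.
"""
import shlex
from typing import Dict, List

# (metric, threshold, comparison, description). AWS/RDS reports FreeableMemory and
# FreeLocalStorage in bytes and AuroraReplicaLag in milliseconds; the "free" metrics
# are low watermarks, so they must alarm when the value drops BELOW the threshold.
AURORA_ALARM_RULES = [
    ("CPUUtilization", 85.0, "GreaterThanThreshold", "Average CPU above 85%"),
    ("FreeableMemory", 512 * 1024 ** 2, "LessThanThreshold", "Freeable memory below 512 MiB"),
    ("FreeLocalStorage", 2 * 1024 ** 3, "LessThanThreshold", "Local storage below 2 GiB"),
    ("AuroraReplicaLag", 30_000, "GreaterThanThreshold", "Replica lag above 30 s"),
]


def build_alarm_specs(db_instance_id: str, sns_topic_arn: str,
                      period: int = 300, evaluation_periods: int = 1) -> List[Dict]:
    """One alarm per rule, scoped to the instance via the DBInstanceIdentifier dimension."""
    specs = []
    for metric, threshold, comparison, desc in AURORA_ALARM_RULES:
        specs.append({
            "AlarmName": f"{db_instance_id}-{metric}",
            "AlarmDescription": f"{db_instance_id}: {desc}",
            "Namespace": "AWS/RDS",
            "MetricName": metric,
            "Dimensions": [{"Name": "DBInstanceIdentifier", "Value": db_instance_id}],
            "Statistic": "Average",
            "Period": period,
            "EvaluationPeriods": evaluation_periods,
            "Threshold": threshold,
            "ComparisonOperator": comparison,
            # An instance that stops publishing metrics should alert, not go quiet.
            "TreatMissingData": "breaching",
            "AlarmActions": [sns_topic_arn],
            "OKActions": [sns_topic_arn],
        })
    return specs


def to_cli(spec: Dict) -> str:
    """Render a spec as a single shell-safe aws CLI command line."""
    dims = ",".join(f"Name={d['Name']},Value={d['Value']}" for d in spec["Dimensions"])
    args = [
        "aws", "cloudwatch", "put-metric-alarm",
        "--alarm-name", spec["AlarmName"],
        "--alarm-description", spec["AlarmDescription"],
        "--namespace", spec["Namespace"],
        "--metric-name", spec["MetricName"],
        "--dimensions", dims,
        "--statistic", spec["Statistic"],
        "--period", str(spec["Period"]),
        "--evaluation-periods", str(spec["EvaluationPeriods"]),
        "--threshold", str(spec["Threshold"]),
        "--comparison-operator", spec["ComparisonOperator"],
        "--treat-missing-data", spec["TreatMissingData"],
        "--alarm-actions", *spec["AlarmActions"],
        "--ok-actions", *spec["OKActions"],
    ]
    return " ".join(shlex.quote(a) for a in args)


def apply_alarms(specs: List[Dict], client=None) -> int:
    """With a boto3 CloudWatch client, create or update the alarms (put is idempotent);
    without one, print the equivalent CLI commands. Returns the number applied."""
    if client is None:
        for spec in specs:
            print(to_cli(spec))
        return 0
    for spec in specs:
        client.put_metric_alarm(**spec)
    return len(specs)


if __name__ == "__main__":
    # Placeholders: replace with the real instance id and SNS topic ARN.
    apply_alarms(build_alarm_specs("aurora-prod-1",
                                   "arn:aws:sns:us-east-1:111122223333:db-alerts"))
```

Run without arguments it prints four ready-to-paste commands; pass boto3.client("cloudwatch") to apply_alarms() to create them. Because put-metric-alarm replaces an alarm of the same name, re-running it reconciles drift rather than duplicating alarms, which also makes the Backout Plan's delete-alarms step a matter of deleting the four names it generates.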


Backout Plan:

Using AWS Console:

  1. In RDS > Databases, select the Aurora instance, and click Modify.

  2. Disable Enhanced Monitoring or revert the monitoring interval to the default setting.

  3. Remove CloudWatch Alarms for the instance and delete any existing alarms.

  4. Disable CloudTrail for RDS if no longer needed.

  5. Delete or modify the SNS Topics to stop receiving alerts.

Using AWS CLI:

  1. Disable Enhanced Monitoring:

     aws rds modify-db-instance --db-instance-identifier <db-instance-id> --monitoring-interval 0 --apply-immediately


  2. Remove CloudWatch Alarms:

     aws cloudwatch delete-alarms --alarm-names "HighCPUUtilization"


  3. Disable CloudTrail for RDS:

     aws cloudtrail delete-trail --name <trail-name>


  4. Remove SNS Topics:

     aws sns delete-topic --topic-arn arn:aws:sns:<region>:<account-id>:<sns-topic-name>


References: