Profile Applicability:
 Level 1

Description:
 Ensuring that Amazon Aurora database instances are regularly updated with the latest patches and version updates is essential for maintaining security, stability, and performance. This involves applying security patches, minor version upgrades, and ensuring that the instance is running the most up-to-date and supported version of Aurora.

Rationale:
 Regular updates and patches help protect against known vulnerabilities and security risks. Patching ensures that the database environment remains secure by addressing potential vulnerabilities in the software, thereby reducing the risk of exploits. Regular updates also improve performance, add new features, and ensure compatibility with other AWS services.

Impact:
 Without regular updates and patches, Aurora instances may be exposed to known vulnerabilities and security flaws, potentially leading to data breaches, performance issues, or system instability. Applying patches promptly ensures that the database remains protected and optimized.

Default Value:
 By default, Amazon Aurora allows automatic minor version upgrades, but major version upgrades or security patches may require manual intervention. Organizations must configure patching preferences and apply updates as needed.

Pre-requisites:

  • An AWS account with the appropriate permissions to modify Aurora instances.

  • Awareness of the current version of Aurora and the available updates.

  • A defined maintenance window for applying updates without affecting production workloads.

Test Plan:

Using AWS Console:

  1. Navigate to RDS > Databases, and select your Aurora instance.

  2. In the Maintenance & backups section, verify the Auto minor version upgrade setting.

  3. Review the Pending Maintenance section to identify if there are any pending patches or version updates for the Aurora instance.

  4. Check the DB Engine Version to ensure it is up to date with the latest available version.

  5. Review the Maintenance Window to ensure that updates will be applied during off-peak hours to minimize impact.

Using AWS CLI:

  1. Run the following command to check if Auto minor version upgrade is enabled:

     aws rds describe-db-instances --query "DBInstances[].{DBInstanceIdentifier:DBInstanceIdentifier, AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}"

  2. List Pending Maintenance updates (the resource identifier is the instance ARN, not the bare instance name):

     aws rds describe-pending-maintenance-actions --resource-identifier <db-instance-arn>


  3. Check the DB Engine Version:

     aws rds describe-db-instances --query "DBInstances[].{DBInstanceIdentifier:DBInstanceIdentifier, EngineVersion:EngineVersion}"
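To turn the three CLI checks above into one compliance report, here is an added Python example (not part of the benchmark) that evaluates saved output of the two describe commands. The instance names, account number and version strings are constructed sample data, and the "latest version" table is assumed to be taken from `aws rds describe-db-engine-versions`.

```python
"""Evaluate the three Aurora patching checks against saved CLI JSON (constructed sample data)."""
import json

# Constructed sample output shaped like `aws rds describe-db-instances`
# (identifiers and version strings are made up for this example).
DESCRIBE_INSTANCES = json.loads("""{"DBInstances": [
  {"DBInstanceIdentifier": "aurora-prod-1", "Engine": "aurora-mysql",
   "EngineVersion": "8.0.mysql_aurora.3.04.0", "AutoMinorVersionUpgrade": false},
  {"DBInstanceIdentifier": "aurora-prod-2", "Engine": "aurora-mysql",
   "EngineVersion": "8.0.mysql_aurora.3.05.2", "AutoMinorVersionUpgrade": true}]}""")

# Constructed sample shaped like `aws rds describe-pending-maintenance-actions`;
# the resource is identified by its ARN, not by the bare instance name.
PENDING_ACTIONS = json.loads("""{"PendingMaintenanceActions": [
  {"ResourceIdentifier": "arn:aws:rds:us-east-1:123456789012:db:aurora-prod-1",
   "PendingMaintenanceActionDetails": [
     {"Action": "system-update", "Description": "Aurora patch (sample)"}]}]}""")

# Newest supported version per engine (sample value); in practice take it from
# `aws rds describe-db-engine-versions --engine aurora-mysql`.
LATEST_VERSION = {"aurora-mysql": "8.0.mysql_aurora.3.05.2"}


def audit_instances(instances, pending, latest):
    """Return {instance id: [finding, ...]}; an empty list means the instance passes."""
    pending_by_id = {}
    for item in pending["PendingMaintenanceActions"]:
        # ARN form is arn:aws:rds:<region>:<account>:db:<instance-id>
        inst_id = item["ResourceIdentifier"].rsplit(":", 1)[-1]
        pending_by_id[inst_id] = [d["Action"] for d in item["PendingMaintenanceActionDetails"]]

    findings = {}
    for inst in instances["DBInstances"]:
        inst_id = inst["DBInstanceIdentifier"]
        issues = []
        if not inst["AutoMinorVersionUpgrade"]:          # check 1: auto minor upgrade
            issues.append("auto minor version upgrade disabled")
        for action in pending_by_id.get(inst_id, []):    # check 2: pending maintenance
            issues.append(f"pending maintenance action: {action}")
        want = latest.get(inst["Engine"])                # check 3: engine version
        if want and inst["EngineVersion"] != want:
            issues.append(f"engine version {inst['EngineVersion']} is behind {want}")
        findings[inst_id] = issues
    return findings


if __name__ == "__main__":
    for inst_id, issues in audit_instances(DESCRIBE_INSTANCES, PENDING_ACTIONS, LATEST_VERSION).items():
        print(inst_id, "OK" if not issues else "; ".join(issues))
```

Run the two describe commands with `--output json`, save the results, and load them in place of the sample constants to audit a real account.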


Implementation Plan:

Using AWS Console:

  1. Go to RDS > Databases, select the Aurora instance, and click Modify.

  2. Enable Auto minor version upgrade to ensure that minor version updates are applied automatically during the defined maintenance window.

  3. Check the DB Engine Version and compare it to the latest available version in the AWS documentation.

  4. If a new update is available, apply the update manually by choosing to modify the instance and selecting the appropriate engine version.

  5. Set the Maintenance Window during off-peak hours to minimize performance impact while updates are applied.

Using AWS CLI:

  1. Enable Auto minor version upgrade for the Aurora instance:

     aws rds modify-db-instance --db-instance-identifier <db-instance-id> --auto-minor-version-upgrade --apply-immediately


  2. Apply the latest version manually:

     aws rds modify-db-instance --db-instance-identifier <db-instance-id> --engine-version <new-version> --apply-immediately


  3. Check the Pending Maintenance and apply any available updates (the resource identifier is the instance ARN):

     aws rds apply-pending-maintenance-action --resource-identifier <db-instance-arn> --apply-action <action> --opt-in-type immediate


Backout Plan:

Using AWS Console:

  1. In RDS > Databases, select the Aurora instance, and click Modify.

  2. Revert the DB Engine Version to the previous version if the update caused issues or if compatibility problems arise.

  3. Disable Auto minor version upgrade if automatic updates are not preferred.

  4. Apply the changes and restart the instance if necessary.

Using AWS CLI:

  1. Revert to the previous engine version if required:

     aws rds modify-db-instance --db-instance-identifier <db-instance-id> --engine-version <previous-version> --apply-immediately


  2. Disable Auto minor version upgrade if not needed:

     aws rds modify-db-instance --db-instance-identifier <db-instance-id> --no-auto-minor-version-upgrade --apply-immediately


  3. Apply the changes and restart the instance:

     aws rds reboot-db-instance --db-instance-identifier <db-instance-id>


References: