Ensure automatic minor version upgrade is enabled for Amazon Relational Database Service (Amazon RDS) instances

HIGH

Description

AWS RDS instances have auto minor version upgrade disabled which may cause RDS instances to miss important updates and bug fixes.

Remediation

In AWS Console -

Sign in to the AWS Console and go to the AWS RDS Console.
In the RDS Dashboard, click on Databases.
Select Modify to modify the instance of your choice.
Select the Auto Minor Version Upgrade option to enable it.

In Terraform -

In the aws_db_instance resource, set the auto_minor_version_upgrade field to true.

References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#auto_minor_version_upgrade

Policy Details

Rule Reference ID: AC_AWS_0056

CSP: AWS

Remediation Available: Yes

Domain: Data Protection

Resource: aws_db_instance

Resource Category: Database

Resource Type: DB Instance

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0