Ensure performance insights are enabled for Amazon Relational Database Service (Amazon RDS) instances

MEDIUM

Description

Performance insights are disabled for AWS DB instances. This may make audit challenging.

Remediation

In AWS Console -

Sign in to the AWS Console and go to the AWS RDS Console.
In the RDS Dashboard, click on Databases.
Select Modify to modify the instance of your choice.
Modify performance insights in the Performance Insights section to ensure performance insights are enabled.

In Terraform -

In the aws_db_instance resource, set the performance_insights_enabled field to true.

References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#performance_insights_enabled

Policy Details

Rule Reference ID: AC_AWS_0062

CSP: AWS

Remediation Available: Yes

Domain: Logging and Monitoring

Resource: aws_db_instance

Resource Category: Database

Resource Type: DB Instance

Frameworks

GDPR
NIST-800-171
NIST-800-53
NIST-CSF
HIPAA