Ensure DB instance gets all minor upgrades automatically

ID: db_auto_minor_version_upgrade

Severity: low

Vendor: AWS

Resource: DB

Tags: reachable

Description

Amazon RDS provides newer versions of each supported database engine so you can keep your DB instance up-to-date. Newer versions can include bug fixes, security enhancements, and other improvements for the database engine. When Amazon RDS supports a new version of a database engine, you can choose how and when to upgrade your DB instances.

There are two kinds of upgrades: major version upgrades and minor version upgrades. In general, a major engine version upgrade can introduce changes that are not compatible with existing applications. In contrast, a minor version upgrade includes only changes that are backward-compatible with existing applications.

Enabling automatic minor version upgrades helps keep the RDS instance secure and stable with minimal impact on the application.

Learn more about this topic at Upgrading a DB instance engine version.

Examples

CloudFormation

{
  "Resources": {
    "rdsRDBMSDb": {
      "Type": "AWS::RDS::DBInstance",
      "DeletionPolicy": "Snapshot",
      "Properties": {
        "AutoMinorVersionUpgrade": false
      }
    }
  }
}

Resources:
  rdsRDBMSDb:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      AutoMinorVersionUpgrade: false  # auto minor version upgrade is not enabled

In both the JSON and YAML forms, AutoMinorVersionUpgrade set to false means auto minor version upgrade is not enabled.

Mitigation / Fix

Buildtime

CloudFormation

{
  "Resources": {
    "rdsRDBMSDb": {
      "Type": "AWS::RDS::DBInstance",
      "DeletionPolicy": "Snapshot",
      "Properties": {
        "AutoMinorVersionUpgrade": true
      }
    }
  }
}

Resources:
  rdsRDBMSDb:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      AutoMinorVersionUpgrade: true  # auto minor version upgrade is enabled

In both the JSON and YAML forms, AutoMinorVersionUpgrade set to true means auto minor version upgrade is enabled.
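
The build-time check can be automated. The following is an added example, not code from the original page or from the tool that defines this rule: it scans a JSON CloudFormation template for AWS::RDS::DBInstance resources and classifies the AutoMinorVersionUpgrade property. It assumes that an omitted property falls back to the CloudFormation default (enabled) and that values supplied through intrinsic functions such as Ref need manual review; the sample template, logical IDs and function names are constructed for illustration.

```python
import json

# Constructed sample template for illustration; not from the original page.
SAMPLE_TEMPLATE = """
{
  "Parameters": {"AutoUpgrade": {"Type": "String", "Default": "true"}},
  "Resources": {
    "explicitOff": {"Type": "AWS::RDS::DBInstance",
                    "Properties": {"AutoMinorVersionUpgrade": false}},
    "stringOff":   {"Type": "AWS::RDS::DBInstance",
                    "Properties": {"AutoMinorVersionUpgrade": "false"}},
    "explicitOn":  {"Type": "AWS::RDS::DBInstance",
                    "Properties": {"AutoMinorVersionUpgrade": true}},
    "omitted":     {"Type": "AWS::RDS::DBInstance", "Properties": {}},
    "fromParam":   {"Type": "AWS::RDS::DBInstance",
                    "Properties": {"AutoMinorVersionUpgrade": {"Ref": "AutoUpgrade"}}},
    "notADb":      {"Type": "AWS::S3::Bucket"}
  }
}
"""


def classify(value):
    """Return PASS, FAIL or REVIEW for one AutoMinorVersionUpgrade value."""
    if value is None:
        return "PASS"    # assumption: property omitted, CloudFormation default (enabled) applies
    if isinstance(value, bool):
        return "PASS" if value else "FAIL"
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return "PASS" if value.lower() == "true" else "FAIL"
    return "REVIEW"      # intrinsic function (Ref, Fn::If, ...) or unexpected type


def check_template(template_text):
    """Map each AWS::RDS::DBInstance logical ID to its check result."""
    template = json.loads(template_text)
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::RDS::DBInstance":
            continue     # other resource types are out of scope for this rule
        props = resource.get("Properties") or {}
        results[logical_id] = classify(props.get("AutoMinorVersionUpgrade"))
    return results


if __name__ == "__main__":
    for logical_id, result in sorted(check_template(SAMPLE_TEMPLATE).items()):
        print(f"{result:6} {logical_id}")
```

A REVIEW result means the effective value depends on parameters or conditions resolved at deploy time, so the template alone cannot prove the setting is enabled.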

Runtime

AWS Console

To enable RDS auto minor version upgrades go to the Amazon RDS Console:

  • In the navigation pane, choose Instances.

  • Select the database instance you wish to configure.

  • From the Instance actions menu, select Modify.

  • Under the Maintenance section, choose Yes for Auto minor version upgrade.

  • Select Continue and then Modify DB Instance.