DATABASE
AUTO UPDATE MINOR - INSTANCE RDS
Amazon Relational Database Service (Amazon RDS) is a set of managed services that makes it easy to configure, use, and scale databases in the cloud.
A minor engine release is an update to the database engine version within a major engine release. For example, a major engine version might be numbered 9.6 and minor versions might be numbered 9.6.11 and 9.6.12.
You can enable the 'Auto Minor Version Upgrade' option to automatically receive minor updates of the DBMS engine. Here are the two prerequisites:
* The database is running a minor version of the engine that is lower than the preferred version.
* The automatic upgrade of minor versions is enabled for the database.
It is possible to do the same thing for the major version; however, this operation can be dangerous within a production infrastructure.
Documentation :
PUBLIC AVAILABILITY
It hurts to say it, but make sure your RDS databases are not accessible to everyone (disable the "Publicly Accessible" option on the database and update your VPC security groups).
Queries:
List the security groups attached to an RDS instance:
aws rds describe-db-instances --db-instance-identifier your-db-instance-name --query "DBInstances[*].VpcSecurityGroups[*].VpcSecurityGroupId" --output text
Remove the access rule:
aws ec2 revoke-security-group-ingress --group-id your-security-group-id --protocol tcp --port 3306 --cidr 0.0.0.0/0
Verify:
aws ec2 describe-security-groups --group-ids your-security-group-id --query "SecurityGroups[*].IpPermissions[*].IpRanges[*].CidrIp" --output text
In general, check whether other administration ports are open to the whole Internet.
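The two checks on this page (auto minor version upgrade and public availability) can be run across every instance at once. The script below is an added example, not part of the original page: it audits the JSON returned by `aws rds describe-db-instances` and `aws ec2 describe-security-groups` when called without `--query`. The instance names, group IDs and sample data are constructed for illustration.

```python
import json
# Constructed sample data, shaped like the JSON returned by
# `aws rds describe-db-instances` and `aws ec2 describe-security-groups`.
SAMPLE_INSTANCES = json.loads("""{"DBInstances": [
 {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": true,
  "AutoMinorVersionUpgrade": false, "Endpoint": {"Port": 3306},
  "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]},
 {"DBInstanceIdentifier": "billing-db", "PubliclyAccessible": false,
  "AutoMinorVersionUpgrade": true, "Endpoint": {"Port": 5432},
  "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-internal"}]}]}""")
SAMPLE_GROUPS = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-open", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-internal", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]}]}""")
WORLD = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "everyone" ranges

def world_open(group, port):
    """True if any ingress rule lets every address reach `port`."""
    for perm in group.get("IpPermissions", []):
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if not cidrs & WORLD:
            continue
        if perm["IpProtocol"] == "-1":  # all protocols, all ports
            return True
        if perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]:
            return True  # a port range can cover the DB port without naming it
    return False

def audit(instances, groups):
    """Return sorted (instance id, finding) pairs for both checks."""
    by_id = {g["GroupId"]: g for g in groups["SecurityGroups"]}
    findings = []
    for db in instances["DBInstances"]:
        name, port = db["DBInstanceIdentifier"], db["Endpoint"]["Port"]
        if not db.get("AutoMinorVersionUpgrade", False):
            findings.append((name, "auto minor version upgrade disabled"))
        if db.get("PubliclyAccessible", False):
            findings.append((name, "publicly accessible flag set"))
        for sg in db.get("VpcSecurityGroups", []):
            group = by_id.get(sg["VpcSecurityGroupId"])
            if group and world_open(group, port):
                findings.append((name, f"{sg['VpcSecurityGroupId']} opens port {port} to the world"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INSTANCES, SAMPLE_GROUPS):
        print(f"{name}: {finding}")
```

Unlike a check for a rule on port 3306 only, this also catches port ranges and all-protocol rules that expose the database port, and it uses each instance's own endpoint port.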