Logo of Trend Micro

DB Instance Generation

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: Medium (should be achieved)
Rule ID: RDS-009

Ensure that all RDS databases instances provisioned within your AWS account are using the latest generation of instance classes in order to get the best performance with lower costs. If you are currently using RDS database instances from the previous generation (see Audit section), Cloud Conformity strongly recommends that you upgrade these instances with their latest generation equivalents.

This rule can help you work with the AWS Well-Architected Framework

This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS

Performance
efficiency
Cost
optimisation

Using the latest generation of RDS database instances instead of the previous generation instances has tangible benefits such as better hardware performance (more computing capacity and faster CPUs, memory optimization and higher network throughput), better support for latest DB engines versions (e.g. MySQL 5.7) and lower costs for memory and storage.

Audit

The following table will help you to identify any previous generation RDS instance types in use:

RDS Instance Family Previous Generation DB Instance Types
General Purpose db.m1.small | db.m1.medium | db.m1.large | db.m1.xlarge
Memory Optimized db.m2.xlarge | db.m2.2xlarge | db.m2.4xlarge | db.cr1.8xlarge
Micro Instances db.t1.micro

To determine if there are any RDS database instances from the previous generation currently active in your AWS account, perform the following:

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/rds/.

03 In the navigation panel, under RDS Dashboard, click Instances.

04 Select the RDS instance that you want to examine.

05 Click Instance Actions button from the dashboard top menu and select See Details.

06 Under Instance and IOPS section, check the Instance Class value:

Under Instance and IOPS section, check the Instance Class value

If the selected database is using an instance class from a previous generation - like the ones listed in the Audit section table, we highly recommend an upgrade (see Remediation / Resolution section).

07 Repeat steps no. 4 – 6 for each RDS instance provisioned in the current region. Change the AWS region from the navigation bar to repeat the process for other regions.

Using AWS CLI

01 Run describe-db-instances command (OSX/Linux/UNIX) to list all RDS database names, available in the selected AWS region: 

aws rds describe-db-instances
	--region us-east-1
	--query 'DBInstances[*].DBInstanceIdentifier'

02 The command output should return each database instance identifier (name): 

[
    "prod-mysql-database"
]

03 Run again describe-db-instances command (OSX/Linux/UNIX) using the RDS instance identifier returned earlier, to determine the database instance class (type): 

aws rds describe-db-instances
	--region us-east-1
	--db-instance-identifier prod-mysql-database
	--query 'DBInstances[*].DBInstanceClass'

04 The command output should return the type of the selected RDS database instance: 

[
    "db.t1.micro"
]

If the selected instance is using a previous generation class (check the Audit section table), we highly recommend to upgrade the instance to its latest generation equivalent (see Remediation/Resolution section).

05 Repeat steps no. 1 – 4 for each RDS instance provisioned in the current region. Change the AWS region by using the --region filter to repeat the process for other regions.

Remediation / Resolution

The following table will help you choose the current generation instance type for your previous generation database instances during the upgrade process:

Previous Generation DB Instance Types Current Generation DB Instance Types
db.m1.small | db.m1.medium
db.m1.large | db.m1.xlarge		 db.t2.small | db.t2.medium
db.t2.large | db.m3.xlarge
db.m2.xlarge | db.m2.2xlarge
db.m2.4xlarge | db.cr1.8xlarge		 db.r3.large | db.r3.xlarge
db.r3.2xlarge | db.r3.8xlarge
db.t1.micro db.t2.micro

To upgrade your previous generation instances to their latest generation equivalents, perform the following:

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/rds/.

03 In the navigation panel, under RDS Dashboard, click Instances.

04 Select the RDS instance that you want to upgrade.

05 Click Instance Actions button from the dashboard top menu and select Modify.

06 On the Modify DB Instance: <instance identifier> page, under Instance Specifications section, select the previous generation instance type equivalent from the DB Instance Class dropdown list:

select the previous generation instance type equivalent from the DB Instance Class dropdown list

07 At the bottom of the page, check Apply Immediately to apply the instance class change immediately.
(!) IMPORTANT: when you upgrade (resize) the instance class (type), an immediate outage will occur. If the selected database instance is used in production consider leaving Apply Immediately option disabled before applying the changes in order to avoid any downtime. If Apply Immediately is not selected, the instance type upgrade will be processed during the next maintenance window.

08 Click Continue.

09 Review the changes and click Modify DB Instance. During the upgrade process the instance status should change from available to modifying and back to available (it may take few minutes depending on the instance configuration). Once the upgrade is complete, the instance type should be updated on the details page.

10 Repeat steps no. 4 – 9 for each RDS instance available in the current region. Change the AWS region from the navigation bar to repeat the process for other regions.

Using AWS CLI

01 Run describe-db-instances command (OSX/Linux/UNIX) to list all RDS database names (identifiers), available in the selected AWS region: 

aws rds describe-db-instances
	--region us-east-1
	--query 'DBInstances[*].DBInstanceIdentifier'

02 The command output should return each database instance identifier: 

[
    "prod-mysql-database"
]

03 Run modify-db-instance command (OSX/Linux/UNIX) to resize the selected RDS instance and upgrade it to the latest generation class. The following example is using the –apply-immediately option to apply the change asynchronously and trigger an immediate outage. In order to avoid any downtime in production, skip adding the –apply-immediately parameter and the RDS service will apply the change during the next maintenance window: 

aws rds modify-db-instance
	--region us-east-1
	--db-instance-identifier prod-mysql-database
	--db-instance-class db.t2.micro
	--apply-immediately

04 The command output should reveal the configuration metadata for the RDS instance with the new instance type as pending modified value (highlighted): 

{
    "DBInstance": {
        "PubliclyAccessible": true,
        "MasterUsername": "webappdb",
        "MonitoringInterval": 0,
        "LicenseModel": "general-public-license",
        ... 
        "PendingModifiedValues": {
            "DBInstanceClass": "db.t2.micro"
        },
  	   ...
        "DbiResourceId": "db- N6AMHA3BZF4IPV72DN7ZDEYQEM",
        "CACertificateIdentifier": "rds-ca-2015",
        "StorageEncrypted": false,
        "DBInstanceClass": "db.t1.micro",
        "DbInstancePort": 0,
        "DBInstanceIdentifier": "prod-mysql-database"
    }
}

05 Once the process is complete (it may take few minutes depending on the instance configuration), run describe-db-instances command (OSX/Linux/UNIX) using the database identifier to check if the selected instance class has been successfully changed: 

aws rds describe-db-instances
	--region us-east-1
	--db-instance-identifier prod-mysql-database
	--query 'DBInstances[*].DBInstanceClass'

06 The command output should return the new class name for the RDS database instance: 

[
    "db.t2.micro"
]

07 Repeat steps no. 1 – 6 for each RDS instance provisioned in the current region. Change the AWS region by using the --region filter to repeat the process for other regions.

References

Publication date May 5, 2016

Related RDS rules

Unlock the Remediation Steps

Gain free unlimited access
to our full Knowledge Base

Over 750 rules & best practices
for AWS and Azure

You are auditing:

DB Instance Generation

Risk level: Medium