Enable Amazon RDS Storage AutoScaling


Risk level: Medium (should be achieved)
Rule ID: RDS-041

Ensure that your Amazon Relational Database Service (RDS) instances have the Storage AutoScaling feature enabled in order to provide dynamic scaling support for the database's storage based on your application needs. Enabling RDS Storage AutoScaling allows the storage to increase once the configured threshold is exceeded. The following RDS database engines support Storage AutoScaling: Amazon RDS for MariaDB, Amazon RDS for MySQL, Amazon RDS for PostgreSQL, Amazon RDS for SQL Server and Amazon RDS for Oracle.

This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS

Performance efficiency

With the RDS Storage AutoScaling feature enabled, Amazon RDS automatically scales up your database instance storage when it detects that the database is running out of disk space. For example, you can use this feature for a new mobile application that users are adopting rapidly. In this case, a rapidly increasing workload might exceed the available database storage. To avoid having to manually scale up database storage, enable Amazon RDS Storage AutoScaling.


Audit

To determine if RDS Storage AutoScaling feature is enabled for your Amazon RDS database instances, perform the following actions:

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to the RDS dashboard at https://console.aws.amazon.com/rds/.

03 In the left navigation panel, under Amazon RDS, click Databases.

04 Choose the RDS database instance that you want to examine and click on the resource name (link) available in the DB identifier column.

05 On the instance details page, select Configuration tab and check the Storage autoscaling configuration attribute value available in the Storage section. If the attribute value is set to Disabled, the RDS Storage AutoScaling feature is not enabled for the selected Amazon RDS database instance.

06 Repeat steps no. 4 and 5 to check the RDS Storage AutoScaling status for other database instances provisioned in the current region.

07 Change the AWS region from the navigation bar and repeat the process for other regions.

Using AWS CLI

01 Run describe-db-instances command (OSX/Linux/UNIX) using custom query filters to list the names (identifiers) of all RDS database instances available in the selected AWS region:

aws rds describe-db-instances \
	--region us-east-1 \
	--output table \
	--query 'DBInstances[*].DBInstanceIdentifier'

02 The command output should return a table with the requested RDS instance names:

-----------------------------
|    DescribeDBInstances    |
+---------------------------+
|   cc-mysql-db-instance    |
|   cc-aurora-db-instance   |
+---------------------------+

03 Execute describe-db-instances command (OSX/Linux/UNIX) using the name of the database instance that you want to examine as identifier parameter and custom query filters to get the maximum allocated storage threshold configured for the RDS Storage AutoScaling feature, for the selected RDS database instance:

aws rds describe-db-instances \
	--region us-east-1 \
	--db-instance-identifier cc-mysql-db-instance \
	--query 'DBInstances[*].MaxAllocatedStorage'

04 The command output should return the maximum storage threshold configured:

[]

If the describe-db-instances command output returns null or an empty array ([]), as shown in the example above, there is no maximum storage threshold configured for the RDS Storage AutoScaling, therefore the feature is not enabled for the selected Amazon RDS database instance.

05 Repeat steps no. 3 and 4 to determine the RDS Storage AutoScaling status for other database instances available in the selected region.

06 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the audit process for other regions.
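The per-instance check from steps 01 to 05 can be run over a whole region's describe-db-instances JSON at once. The following is an added example, not part of the original rule page: the status labels, the engine-string mapping and the two example-* instances are assumptions of this example, and the sample response is constructed. It also separates out engines that are not in the supported list above, so they are not reported as failures.

```python
import json

# Engines the page lists as supporting Storage AutoScaling, mapped to the
# Engine strings the RDS API returns (the mapping is this example's assumption).
SUPPORTED_EXACT = {"mariadb", "mysql", "postgres"}
SUPPORTED_PREFIXES = ("sqlserver-", "oracle-")

# Constructed sample shaped like `aws rds describe-db-instances --output json`.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "cc-mysql-db-instance", "Engine": "mysql",
   "AllocatedStorage": 20},
  {"DBInstanceIdentifier": "cc-aurora-db-instance", "Engine": "aurora-mysql",
   "AllocatedStorage": 1},
  {"DBInstanceIdentifier": "example-postgres", "Engine": "postgres",
   "AllocatedStorage": 100, "MaxAllocatedStorage": 150},
  {"DBInstanceIdentifier": "example-oracle", "Engine": "oracle-se2",
   "AllocatedStorage": 200, "MaxAllocatedStorage": 200}
]}
""")


def supports_autoscaling(engine):
    return engine in SUPPORTED_EXACT or engine.startswith(SUPPORTED_PREFIXES)


def audit(response):
    """Return {instance identifier: status} for one region's response."""
    report = {}
    for db in response.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        allocated = db.get("AllocatedStorage", 0)
        ceiling = db.get("MaxAllocatedStorage")  # absent when not configured
        if not supports_autoscaling(db.get("Engine", "")):
            report[name] = "NOT_APPLICABLE"
        elif ceiling is None:
            report[name] = "DISABLED"
        elif ceiling <= allocated:
            # Assumption: a ceiling at or below the current size cannot grow.
            report[name] = "NO_HEADROOM"
        else:
            report[name] = "ENABLED"
    return report


if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{status:15} {name}")
```

To use it on real data, load the JSON saved from the describe-db-instances command for each region and pass it to audit().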

Remediation / Resolution

To enable and configure RDS Storage AutoScaling feature for your existing Amazon RDS database instances, perform the following actions:

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to the RDS dashboard at https://console.aws.amazon.com/rds/.

03 In the left navigation panel, under Amazon RDS, click Databases.

04 Select the RDS database instance that you want to reconfigure (see Audit section part I to identify the right resource).

05 Click the Modify button from the RDS dashboard top menu.

06 On the Modify DB Instance: <instance-identifier> page, within the Instance specifications section, perform the following actions:

  1. Under Storage autoscaling, select Enable storage autoscaling checkbox to activate the RDS Storage AutoScaling feature for the selected database instance.
  2. For Maximum storage threshold, provide the maximum storage threshold required by planned workload of the selected database instance.
  3. Click Continue to continue the reconfiguration process.

07 Within the Summary of modifications section, carefully review the configuration changes that you want to apply to the instance.

08 In the Scheduling of modifications section, perform one of the following actions based on your requirements:

  1. Select Apply during the next scheduled maintenance window to apply the changes automatically during the next scheduled maintenance window.
  2. Select Apply immediately to apply the changes right away. With this option any pending modifications will be asynchronously applied as soon as possible, regardless of the maintenance window setting for this RDS database instance. Note that any changes available in the pending modifications queue are also applied. If any of the pending modifications require downtime, choosing this option can cause unexpected downtime for your application.

09 Click Modify DB Instance to apply the configuration changes. Once the Storage AutoScaling feature is enabled, Amazon RDS starts a storage modification for the specified database instance when these factors apply:

  • Free available space is less than 10 percent of the allocated instance storage.
  • The low-storage condition lasts at least 5 minutes.
  • At least 6 hours have passed since the last storage modification.

The additional storage is in increments of whichever of the following is greatest:

  • 5 GiB.
  • 10 percent of currently allocated instance storage.
  • Storage growth prediction for 7 hours based on the FreeStorageSpace metrics change in the past hour.

10 Repeat steps no. 4 – 9 to enable RDS Storage AutoScaling for other Amazon RDS database instances provisioned in the current region.

11 Change the AWS region from the navigation bar and repeat the process for other regions.
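The trigger factors and increment rule listed under step 09 can be checked against a candidate Maximum storage threshold before it is applied. The following is an added example, not part of the original rule page: the Storage fields and function names are hypothetical, the readings are constructed, and the 7-hour prediction is assumed to be a linear projection of the last hour's FreeStorageSpace change. It does not model what RDS does when the proposed size exceeds the limit, which the page does not state.

```python
from dataclasses import dataclass


@dataclass
class Storage:
    allocated_gib: float            # currently allocated instance storage
    free_gib: float                 # FreeStorageSpace now
    free_gib_hour_ago: float        # FreeStorageSpace one hour earlier
    low_minutes: float              # duration of the low-storage condition
    hours_since_last_change: float  # time since the last storage modification
    max_allocated_gib: float        # --max-allocated-storage upper limit


def should_scale(s):
    """All three factors from the list above must hold."""
    return (s.free_gib < 0.10 * s.allocated_gib
            and s.low_minutes >= 5
            and s.hours_since_last_change >= 6)


def increment_gib(s):
    """Greatest of 5 GiB, 10 percent of allocation, 7-hour growth forecast."""
    # Assumption: forecast = 7 x the free-space drop seen in the past hour.
    hourly_growth = max(0.0, s.free_gib_hour_ago - s.free_gib)
    return max(5.0, 0.10 * s.allocated_gib, 7 * hourly_growth)


def plan(s):
    """Return None if no modification is due, else the proposed size and
    whether it stays within the configured upper limit."""
    if not should_scale(s):
        return None
    proposed = s.allocated_gib + increment_gib(s)
    return {"proposed_gib": proposed,
            "within_limit": proposed <= s.max_allocated_gib}


if __name__ == "__main__":
    # Constructed readings; 150 GiB is the limit used in the CLI example.
    print(plan(Storage(100, 8, 12, 10, 7, 150)))    # forecast dominates
    print(plan(Storage(20, 1.5, 1.6, 30, 24, 22)))  # 5 GiB floor, over limit
    print(plan(Storage(100, 8, 12, 10, 2, 150)))    # inside the 6-hour wait
```

A threshold for which within_limit is false on the first increment leaves the instance with no usable autoscaling headroom.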

Using AWS CLI

01 Run modify-db-instance command (OSX/Linux/UNIX) to enable the Amazon RDS Storage AutoScaling feature for the selected database instance (see Audit section part II to identify the right instance) by setting the upper limit on storage size, in GiB, using the --max-allocated-storage parameter. The following command example makes use of --apply-immediately parameter to apply the configuration changes asynchronously, as soon as possible. Any changes available in the pending modifications queue are also applied with this request. If any of the pending modifications require downtime, choosing this option can cause unexpected downtime for your application. If you skip adding the --apply-immediately parameter to the command request, Amazon RDS service will apply your changes during the next maintenance window:

aws rds modify-db-instance \
	--region us-east-1 \
	--db-instance-identifier cc-mysql-db-instance \
	--max-allocated-storage 150 \
	--apply-immediately

02 The command output should return the new configuration metadata for the modified RDS database instance:

{
    "DBInstance": {
        "PubliclyAccessible": false,
        "LicenseModel": "general-public-license",
        "InstanceCreateTime": "2020-01-08T10:02:29.921Z",
        "PendingModifiedValues": {},
        "Engine": "mysql",
        "LatestRestorableTime": "2020-01-08T11:10:00Z",
        "DBInstanceStatus": "available",
        "IAMDatabaseAuthenticationEnabled": false,
        "EngineVersion": "5.7.22",

        ...

        "MaxAllocatedStorage": 60,

        ...

        "DeletionProtection": false,
        "AvailabilityZone": "us-east-1a",
        "DomainMemberships": [],
        "StorageType": "gp2",
        "CACertificateIdentifier": "rds-ca-2019",
        "StorageEncrypted": true,
        "AssociatedRoles": [],
        "DBInstanceClass": "db.m3.medium",
        "DBInstanceIdentifier": "cc-mysql-db-instance"
    }
}

03 Repeat steps no. 1 and 2 to enable RDS Storage AutoScaling for other Amazon RDS database instances available in the selected region.

04 Change the AWS region by updating the --region command parameter value and repeat the entire process for other regions.

Publication date Dec 14, 2020
