Automatic Minor Upgrades Disabled
- Query id: 857f8808-e96a-4ba8-a9b7-f2d4ec6cad94
- Query name: Automatic Minor Upgrades Disabled
- Platform: Ansible
- Severity: Low
- Category: Best Practices
- CWE: Ongoing
- URL: Github
Description¶
RDS instance should have automatic minor upgrades enabled, which means the attribute 'auto_minor_version_upgrade' must be set to true.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
---
- name: community - create minimal aurora instance in default VPC and default subnet group
community.aws.rds_instance:
engine: aurora
db_instance_identifier: ansible-test-aurora-db-instance
instance_type: db.t2.small
password: "{{ password }}"
username: "{{ username }}"
cluster_id: ansible-test-cluster
auto_minor_version_upgrade: false
- name: community - Create a DB instance using the default AWS KMS encryption key
community.aws.rds_instance:
id: test-encrypted-db
state: present
engine: mariadb
storage_encrypted: True
db_instance_class: db.t2.medium
username: "{{ username }}"
password: "{{ password }}"
allocated_storage: "{{ allocated_storage }}"
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: negative - create minimal aurora instance in default VPC and default subnet group
community.aws.rds_instance:
engine: aurora
db_instance_identifier: ansible-test-aurora-db-instance
instance_type: db.t2.small
password: '{{ password }}'
username: '{{ username }}'
cluster_id: ansible-test-cluster
auto_minor_version_upgrade: true
- name: negative - Create a DB instance using the default AWS KMS encryption key
community.aws.rds_instance:
id: test-encrypted-db
state: present
engine: mariadb
storage_encrypted: true
db_instance_class: db.t2.medium
username: '{{ username }}'
password: '{{ password }}'
allocated_storage: '{{ allocated_storage }}'
auto_minor_version_upgrade: yes
- name: negative - Create a DB instance using the default AWS KMS encryption key
community.aws.rds_instance:
id: test-encrypted-db
state: present
engine: mariadb
storage_encrypted: true
db_instance_class: db.t2.medium
username: '{{ username }}'
password: '{{ password }}'
allocated_storage: '{{ allocated_storage }}'
auto_minor_version_upgrade: true