Medium

Ensure Database Migration Service (DMS) replication instances have Auto Minor Version Upgrade feature enabled

Security & Compliance
Description

Enable the Auto Minor Version Upgrade feature so that your Amazon Database Migration Service (DMS) replication instances receive minor engine upgrades automatically. These upgrades are applied to DMS replication instances during system maintenance windows, which are defined by the day of the week, time of day, and time zone (UTC by default). Each minor version upgrade is fully available only after it is approved by Amazon Web Services.

Amazon Database Migration Service is a managed web service that enables you to migrate data from a source database to a target database. An AWS DMS replication instance initiates the connection between the two data stores, transfers the data, and caches any changes that occur on the source data store during the initial data load. The DMS service regularly releases engine version upgrades to introduce new software features, bug fixes, security patches, and performance improvements.

Remediation

To ensure that your Amazon Database Migration Service (DMS) replication instances have the Auto Minor Version Upgrade feature enabled, you can follow these remediation steps:

  1. Enable Auto Minor Version Upgrade: Navigate to your DMS replication instance configuration and enable the Auto Minor Version Upgrade feature.
  2. Configure Maintenance Window: Ensure that a maintenance window is set up for your replication instance that suits your organization's operational requirements. During this maintenance window, DMS will automatically apply engine version upgrades and patches.
  3. Monitor Replication Status: Monitor the replication status of your DMS replication instance to ensure that the upgrades and patches are applied successfully.
  4. Verify Compatibility: Verify that your applications and data stores are compatible with the upgraded DMS engine version.

By implementing these remediation steps, you can ensure that your DMS replication instances receive minor engine upgrades automatically, providing new software features, bug fixes, security patches, and performance improvements. This will help to ensure that your replication instances are up-to-date, secure, and efficient.
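
The steps above can also be scripted against the DMS API. The Python below is an added example, not code from Lightlytics or AWS: it assumes a boto3 `dms` client is passed in as `client`, and the `SAMPLE` records (identifiers, account number, ARNs) are constructed for illustration.

```python
import re

# DMS maintenance windows use "ddd:hh24:mi-ddd:hh24:mi" in UTC, e.g. "sun:03:00-sun:03:30".
_DAY, _TIME = r"(?:mon|tue|wed|thu|fri|sat|sun)", r"(?:[01]\d|2[0-3]):[0-5]\d"
WINDOW_RE = re.compile(rf"^{_DAY}:{_TIME}-{_DAY}:{_TIME}$", re.IGNORECASE)

# Constructed sample in the shape of describe_replication_instances output.
SAMPLE = [
    {"ReplicationInstanceIdentifier": "example-a", "AutoMinorVersionUpgrade": False,
     "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111122223333:rep:EXAMPLEA",
     "PreferredMaintenanceWindow": "sat:02:00-sat:02:30"},
    {"ReplicationInstanceIdentifier": "example-b", "AutoMinorVersionUpgrade": True,
     "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111122223333:rep:EXAMPLEB",
     "PreferredMaintenanceWindow": "sun:03:00-sun:03:30"},
]

def list_instances(client):
    """Collect every replication instance in the client's region (paginated)."""
    pages = client.get_paginator("describe_replication_instances").paginate()
    return [inst for page in pages for inst in page["ReplicationInstances"]]

def noncompliant(instances):
    """Instances that fail the rule: AutoMinorVersionUpgrade missing or false."""
    return [i for i in instances if not i.get("AutoMinorVersionUpgrade", False)]

def remediate(client, window=None, dry_run=True):
    """Step 1 (and optionally step 2) for each failing instance; returns a report."""
    if window is not None and not WINDOW_RE.match(window):
        raise ValueError(f"bad maintenance window: {window!r}")
    report = []
    for inst in noncompliant(list_instances(client)):
        params = {"ReplicationInstanceArn": inst["ReplicationInstanceArn"],
                  "AutoMinorVersionUpgrade": True}
        if window:
            params["PreferredMaintenanceWindow"] = window
        status = "dry-run"  # nothing is changed unless dry_run=False
        if not dry_run:
            resp = client.modify_replication_instance(**params)
            # Status returned by the API, kept for follow-up monitoring (step 3).
            status = resp["ReplicationInstance"]["ReplicationInstanceStatus"]
        report.append({"id": inst["ReplicationInstanceIdentifier"],
                       "params": params, "status": status})
    return report

if __name__ == "__main__":
    print([i["ReplicationInstanceIdentifier"] for i in noncompliant(SAMPLE)])
```

Pass `boto3.client("dms")` as `client`; the caller needs `dms:DescribeReplicationInstances` and `dms:ModifyReplicationInstance`. Keep `dry_run=True` until the reported instances have been reviewed.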

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.