CloudWiki
Rules
Low

Ensure RDS instances have Performance Insights feature enabled

Security & Compliance
HITRUST
NIST 800-53
GDPR
CSA CCM
Description

To ensure optimal performance and identify potential issues in your AWS RDS MySQL and PostgreSQL database instances, it is recommended that you enable the Performance Insights feature. AWS RDS Performance Insights provides instant visibility into database workloads and helps to identify the root cause of performance problems. With Performance Insights enabled, you can monitor database load in real time using an intuitive dashboard, allowing you to detect and resolve performance bottlenecks quickly. The feature can help you to identify issues such as high CPU consumption, lock waits, or I/O latency, and pinpoint the SQL queries responsible for them. Performance Insights is currently available for Amazon Aurora (MySQL and PostgreSQL-compatible editions), AWS RDS MySQL, and AWS RDS PostgreSQL database engines. Enabling Performance Insights can help you gain a better overview of your databases' performance, and is an essential step in maintaining optimal performance and adherence to AWS best practices.

Remediation

To ensure that AWS RDS MySQL and PostgreSQL database instances have Performance Insights feature enabled, you can follow the below remediation steps:

  1. Open the Amazon RDS console and choose the RDS instance you want to modify.
  2. Click on the "Modify" button.
  3. Scroll down to the "Performance Insights" section.
  4. Check the box next to "Enable Performance Insights".
  5. Choose the desired retention period and time zone for the performance data.
  6. Click on "Continue" and review the changes.
  7. Click on "Modify DB instance" to save the changes.

Alternatively, you can use the AWS CLI or SDK to enable Performance Insights for your RDS instances.

Enforced Resources
RDS
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.