RDS DB Instance – Enable Auto Minor Version Upgrade
This check ensures that automatic minor version upgrades are enabled for Amazon RDS database instances. Enabling this setting helps keep databases up to date with security patches and minor feature improvements with minimal operational effort.
Check Details
- Resource: RDS DB Instance
- Check: Enable auto minor version upgrade
- Risk: Missing important security patches and minor database fixes
Remediation via AWS Console
- Log in to the AWS Management Console and navigate to the Amazon RDS dashboard.
- In the left navigation pane, click Databases.
- Select the RDS instance that you want to update.
- Click the Modify button at the top-right of the page.
- Scroll down to the Maintenance section and enable Auto minor version upgrade.
- Scroll to the bottom of the page, click Continue, then choose Modify DB instance.
Remediation via AWS CLI
- Log in to the AWS Management Console and click the CloudShell icon (>_) in the top-right corner.
- List all RDS instances in the selected AWS region:

      aws rds describe-db-instances \
        --region <region-name> \
        --query 'DBInstances[*].DBInstanceIdentifier'

- Enable automatic minor version upgrades for the selected database (apply immediately):

      aws rds modify-db-instance \
        --region <region-name> \
        --db-instance-identifier <db-instance-identifier> \
        --auto-minor-version-upgrade \
        --apply-immediately

- Verify that auto minor version upgrades are enabled:

      aws rds describe-db-instances \
        --region <region-name> \
        --db-instance-identifier <db-instance-identifier> \
        --query 'DBInstances[*].AutoMinorVersionUpgrade'

Confirm the output returns true, indicating that automatic minor version upgrades are enabled for the RDS instance.
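The script below is an added example, not part of the original article: it extends the per-instance CLI steps above to every RDS instance in a region and prints the remediation command for each instance that fails the check. The function names, the AUDIT_REGION variable and the sample listing are assumptions constructed for illustration.

```bash
# Added example (not from the original article): region-wide audit for the
# "auto minor version upgrade" check. Function names are hypothetical.

# Emit "identifier<TAB>flag" per instance in region $1.
# Needs the AWS CLI with credentials, for example inside CloudShell.
list_instances() {
  aws rds describe-db-instances --region "$1" \
    --query 'DBInstances[*].[DBInstanceIdentifier,AutoMinorVersionUpgrade]' \
    --output text
}

# Read list_instances output on stdin; print identifiers that fail the check.
# Text output renders booleans as True/False, so compare case-insensitively.
# Blank or malformed lines (fewer than two fields) are ignored.
noncompliant() {
  awk -F'\t' 'NF >= 2 && tolower($2) != "true" { print $1 }'
}

# Turn identifiers on stdin into the article's remediation command for
# region $1. Commands are printed for review, not executed.
remediation_cmds() {
  while IFS= read -r id; do
    [ -n "$id" ] || continue
    printf 'aws rds modify-db-instance --region %s --db-instance-identifier %s --auto-minor-version-upgrade --apply-immediately\n' "$1" "$id"
  done
}

# Constructed sample of list_instances output, for an offline dry run:
#   sample_listing | noncompliant
sample_listing() {
  printf 'orders-db\tTrue\nlegacy-db\tFalse\nreports-db\ttrue\nstaging-db\tFalse\n'
}

# Live use: AUDIT_REGION=<region-name> sh audit.sh
# Without AUDIT_REGION the file only defines the functions above.
if [ -n "${AUDIT_REGION:-}" ]; then
  list_instances "$AUDIT_REGION" | noncompliant | remediation_cmds "$AUDIT_REGION"
fi
```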
Updated on 06 March, 2026