AWS RDS Audit
Number of APIs: 3
A simple collection to monitor RDS Instances. Auditing environments involves the following steps:
- Fetch all instances using the provided access key id and secret token.
- If there are additional instances to be fetched beyond the response of the first fetch request, extract the pagination token from the response and use it to repeat the fetch request.
- Once there are no more instances to be fetched, save the list of instances as an environment variable.
- Iterate over the list, repeating the configuration description request for each instance in the list. Once the config for an instance is known, compare it to a set of expected results to ensure compliance.
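The four steps above, worked through as an added example (not code from the collection itself). The DescribeDBInstances and ListTagsForResource calls are replaced by injected functions over constructed sample pages so the loop runs offline; the "expected results" checked (storage encrypted at rest, no public endpoint, automated backups enabled, required tags present) are assumed expectations, since the collection does not list its own.

```python
"""Audit loop for RDS instances: paginate with Marker, then check each instance.

Added example. The fetch functions are injected so the loop runs offline against
constructed sample data; in the collection the equivalent calls are the signed
DescribeDBInstances and ListTagsForResource requests. The expectations checked
are assumptions, not checks the collection itself defines.
"""
from typing import Callable, Dict, List, Optional

# Constructed sample pages, keyed by the Marker that requests them (None = first page),
# shaped like the parsed fields of a DescribeDBInstances response.
SAMPLE_PAGES: Dict[Optional[str], dict] = {
    None: {
        "DBInstances": [
            {"DBInstanceIdentifier": "orders-db",
             "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:orders-db",
             "StorageEncrypted": True, "PubliclyAccessible": False,
             "BackupRetentionPeriod": 7},
        ],
        "Marker": "page-2",  # more instances remain: repeat the request with this marker
    },
    "page-2": {
        "DBInstances": [
            {"DBInstanceIdentifier": "legacy-db",
             "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:legacy-db",
             "StorageEncrypted": False, "PubliclyAccessible": True,
             "BackupRetentionPeriod": 0},
        ],
        # no Marker: this is the last page
    },
}

# Constructed sample tag lists, keyed by ARN, shaped like ListTagsForResource output.
SAMPLE_TAGS: Dict[str, List[dict]] = {
    "arn:aws:rds:us-east-1:111111111111:db:orders-db": [
        {"Key": "owner", "Value": "payments"}, {"Key": "env", "Value": "prod"}],
    "arn:aws:rds:us-east-1:111111111111:db:legacy-db": [
        {"Key": "env", "Value": "prod"}],
}

REQUIRED_TAGS = {"owner", "env"}  # assumed tagging policy


def sample_describe(marker: Optional[str], max_records: int) -> dict:
    """Stand-in for the DescribeDBInstances request (max_records is ignored here)."""
    return SAMPLE_PAGES[marker]


def sample_list_tags(arn: str) -> List[dict]:
    """Stand-in for the ListTagsForResource request."""
    return SAMPLE_TAGS.get(arn, [])


def fetch_all_instances(describe: Callable[[Optional[str], int], dict],
                        max_records: int = 100) -> List[dict]:
    """Steps 1-3: page through DescribeDBInstances until no Marker comes back."""
    instances: List[dict] = []
    marker: Optional[str] = None
    seen_markers = set()
    while True:
        page = describe(marker, max_records)
        instances.extend(page.get("DBInstances", []))
        marker = page.get("Marker")
        if not marker:
            return instances
        if marker in seen_markers:  # guard against an endpoint that loops forever
            raise RuntimeError(f"pagination marker repeated: {marker}")
        seen_markers.add(marker)


def audit_instance(inst: dict, tags: List[dict]) -> List[str]:
    """Step 4: compare one instance's configuration against the expected results."""
    findings = []
    if not inst.get("StorageEncrypted"):
        findings.append("storage not encrypted at rest")
    if inst.get("PubliclyAccessible"):
        findings.append("publicly accessible")
    if inst.get("BackupRetentionPeriod", 0) < 1:
        findings.append("automated backups disabled")
    missing = REQUIRED_TAGS - {t["Key"] for t in tags}
    if missing:
        findings.append("missing tags: " + ", ".join(sorted(missing)))
    return findings


def run_audit(describe=sample_describe, list_tags=sample_list_tags) -> Dict[str, List[str]]:
    """Map each instance identifier to its findings (an empty list means compliant)."""
    return {
        inst["DBInstanceIdentifier"]: audit_instance(inst, list_tags(inst["DBInstanceArn"]))
        for inst in fetch_all_instances(describe)
    }


if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The repeated-marker guard is worth keeping in a monitor that runs unattended: a paginated loop that never terminates would otherwise burn the monitor's run budget without producing a result.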
PS: This collection is most useful when run as a monitor, so that the audit runs on a periodic basis. You can also configure the built-in Slack integration for Qodex monitors to receive instance alerts when things are amiss.
Required environment variables:
This collection requires the following environment variables:
| Name | Description | Required |
|---|---|---|
| id | The access key id for the audit AWS user | Yes |
| key | The secret access key for the audit AWS user | Yes |
| awsRegion | The region to audit environments in. Defaults to us-east-1 | No |
| maxRecords | The number of environments to retrieve per fetch call. Defaults to 100 (max) | No |
- Describe RDS Instances: GET https://rds.{{awsRegion}}.amazonaws.com/?Operation=DescribeDBInstances&Version=2014-10-31&MaxRecords={{maxRecords}}&Marker={{marker}}
- Check RDS Instance tags: GET https://rds.{{awsRegion}}.amazonaws.com/?Operation=ListTagsForResource&Version=2014-10-31&ResourceName={{arn}}
- Get Metric Statistics: FreeStorageSpace: GET https://monitoring.{{awsRegion}}.amazonaws.com/?Dimensions.member.1.Name=DBInstanceIdentifier&Dimensions.member.1.Value={{dbIdentifier}}&MetricName=FreeStorageSpace&Namespace=AWS/RDS&Operation=GetMetricStatistics&Period={{secPerDay}}&Statistics.member.1=Average&Unit=Bytes&Version=2010-08-01&StartTime={{startTime}}&EndTime={{endTime}}
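The third request returns CloudWatch datapoints rather than a configuration, so the compliance check for it is a threshold on the returned averages. The following added example (not part of the collection) builds the same query string with the same parameters, parses a constructed sample response, and flags an instance whose daily average free storage fell below an assumed minimum; the empty-response case is treated as a finding too, since a missing metric is itself something a monitor should surface. Request signing is out of scope.

```python
"""Build and evaluate the FreeStorageSpace query from the third request.

Added example. Query parameters mirror the collection's request (Period = seconds
per day, Average in Bytes); the response XML is a constructed sample shaped like a
GetMetricStatistics reply, and the 5 GiB minimum is an assumed threshold.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple
from urllib.parse import urlencode

SEC_PER_DAY = 86400  # the collection's secPerDay variable


def last_days_window(days: int = 7) -> Tuple[datetime, datetime]:
    """StartTime/EndTime pair covering the last `days` days, in UTC."""
    end = datetime.now(timezone.utc)
    return end - timedelta(days=days), end


def build_metric_query(region: str, db_identifier: str,
                       start: datetime, end: datetime, period: int = SEC_PER_DAY) -> str:
    """Same parameters as the collection's 'Get Metric Statistics' request."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    params = {
        "Dimensions.member.1.Name": "DBInstanceIdentifier",
        "Dimensions.member.1.Value": db_identifier,
        "MetricName": "FreeStorageSpace",
        "Namespace": "AWS/RDS",
        "Operation": "GetMetricStatistics",
        "Period": period,
        "Statistics.member.1": "Average",
        "Unit": "Bytes",
        "Version": "2010-08-01",
        "StartTime": start.strftime(fmt),
        "EndTime": end.strftime(fmt),
    }
    return f"https://monitoring.{region}.amazonaws.com/?" + urlencode(params)


# Constructed sample: three daily averages, the last of which is under 3 GiB.
SAMPLE_XML = """<GetMetricStatisticsResponse xmlns="http://monitoring.amazonaws.com/doc/2010-08-01/">
  <GetMetricStatisticsResult>
    <Datapoints>
      <member><Timestamp>2024-01-01T00:00:00Z</Timestamp><Average>50000000000.0</Average><Unit>Bytes</Unit></member>
      <member><Timestamp>2024-01-02T00:00:00Z</Timestamp><Average>45000000000.0</Average><Unit>Bytes</Unit></member>
      <member><Timestamp>2024-01-03T00:00:00Z</Timestamp><Average>3000000000.0</Average><Unit>Bytes</Unit></member>
    </Datapoints>
    <Label>FreeStorageSpace</Label>
  </GetMetricStatisticsResult>
</GetMetricStatisticsResponse>"""

# Constructed sample with no datapoints (wrong identifier, or an empty window).
EMPTY_XML = """<GetMetricStatisticsResponse xmlns="http://monitoring.amazonaws.com/doc/2010-08-01/">
  <GetMetricStatisticsResult><Datapoints/><Label>FreeStorageSpace</Label></GetMetricStatisticsResult>
</GetMetricStatisticsResponse>"""


def _local(tag: str) -> str:
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def parse_datapoints(xml_text: str) -> List[Tuple[str, float]]:
    """Return (timestamp, average_bytes) pairs sorted by time."""
    root = ET.fromstring(xml_text)
    points = []
    for el in root.iter():
        if _local(el.tag) != "member":
            continue
        fields = {_local(c.tag): (c.text or "") for c in el}
        if "Timestamp" in fields and "Average" in fields:
            points.append((fields["Timestamp"], float(fields["Average"])))
    return sorted(points)


def storage_finding(points: List[Tuple[str, float]], min_free_gib: float = 5) -> Optional[str]:
    """None when compliant; otherwise a description of the problem."""
    if not points:
        return "no datapoints returned (metric missing or window empty)"
    lowest = min(avg for _, avg in points)
    if lowest < min_free_gib * 2**30:
        return f"free storage fell to {lowest / 2**30:.1f} GiB (below {min_free_gib} GiB)"
    return None


if __name__ == "__main__":
    print(build_metric_query("us-east-1", "orders-db", *last_days_window()))
    print(storage_finding(parse_datapoints(SAMPLE_XML)))
    print(storage_finding(parse_datapoints(EMPTY_XML)))
```

Comparing against the lowest daily average rather than the latest one catches a dip that has since recovered, which is usually the more useful signal for a periodic monitor.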