AWS RDS Audit

Number of APIs: 3

A simple collection to monitor RDS Instances. Auditing environments involves the following steps:

1. Fetch all instances using the provided access key id and secret token.
2. If there are additional instances to be fetched beyond the response of the first fetch request, extract the pagination token from the response and use it to repeat the fetch request.
3. Once there are no more instances to be fetched, save the list of instances as an environment variable.
4. Iterate over the list, repeating the configuration description request for each instance in the list. Once the config for an instance is known, compare it to a set of expected results to ensure compliance.

PS: This collection is most useful when run as a monitor, so as to run such audits on a periodic basis. You can also configure the inbuilt Slack integration for Qodex monitors, so as to recieve instance alerts when things are amiss.

Required environment variables:

This collection requires the following environment variables:

1. Describe RDS Instances GET https://rds.{{awsRegion}}.amazonaws.com/?Operation=DescribeDBInstances&Version=2014-10-31&MaxRecords={{maxRecords}}&Marker={{marker}}

2. Check RDS Instance tags GET https://rds.{{awsRegion}}.amazonaws.com/?Operation=ListTagsForResource&Version=2014-10-31&ResourceName={{arn}}

3. Get Metric Statistics: FreeStorageSpace GET https://monitoring.{{awsRegion}}.amazonaws.com/?Dimensions.member.1.Name=DBInstanceIdentifier&Dimensions.member.1.Value={{dbIdentifier}}&MetricName=FreeStorageSpace&Namespace=AWS/RDS&Operation=GetMetricStatistics&Period={{secPerDay}}&Statistics.member.1=Average&Unit=Bytes&Version=2010-08-01&StartTime={{startTime}}&EndTime={{endTime}}