Update AWS RDS Engine Major Version

Description

A newer major version is available for an AWS Relational Database Service (RDS) instance. Some databases have relatively short support lifecycles, so verify that your version is still in support. Each new version also typically includes security and other improvements that you may want to take advantage of.

Rationale

If the major version of your database server is out of support, then you will no longer get security patches, the system will be out of compliance, and it may be vulnerable to attackers. If your version is still in support, but a newer version is available, staying on the most recent version helps prevent attacks.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                     With Value
secureclouddb/provider  aws
secureclouddb/service   rds

Default Rule

const { isAwsRdsCluster, isAwsRds } = aws
const { isEmptyArray } = module

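/**
 * Passes when no engine version of the instance lists a major version upgrade target.
 * @param {Object} databaseSettings - database settings object
 * @returns {Object} result whose success property is true when no major version upgrade is available
 */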
function validate(databaseSettings) {

    const instance = isAwsRds(databaseSettings) || isAwsRdsCluster(databaseSettings)
    const success = instance &&
            (isEmptyArray(instance.dbEngineVersions) ||
            instance.dbEngineVersions.every(engineVersion => {
                return engineVersion.validUpgradeTarget.length === 0 ||
                    engineVersion.validUpgradeTarget.every(validUpgradeTarget => {
                        return !validUpgradeTarget.isMajorVersionUpgrade
                    })
            }))

    return {
        success,
    }
}

// invoke
validate(databaseSettings);
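
The default rule only reports pass or fail. As an added example (not part of the secureclouddb rule), the helper below lists which major versions are offered as upgrade targets for a record of the same shape. The engine and engineVersion field names, the function names and the sample record are assumptions made for illustration.

```javascript
// Added example, not part of the secureclouddb default rule.
// dbEngineVersions, validUpgradeTarget and isMajorVersionUpgrade come from the
// rule above; engine and engineVersion are assumed field names.

// Numeric, dot-separated comparison so "9.6" sorts before "10.21".
function compareVersions(a, b) {
    const pa = String(a).split('.').map(Number)
    const pb = String(b).split('.').map(Number)
    for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
        const diff = (pa[i] || 0) - (pb[i] || 0)
        if (diff !== 0) return diff
    }
    return 0
}

// Returns one finding per engine version that has a major upgrade target.
function findMajorUpgrades(instance) {
    const versions = (instance && instance.dbEngineVersions) || []
    const findings = []
    for (const version of versions) {
        // A missing validUpgradeTarget is treated as "no targets", not an error.
        const major = (version.validUpgradeTarget || [])
            .filter(target => target.isMajorVersionUpgrade === true)
            .map(target => target.engineVersion)
        if (major.length > 0) {
            findings.push({
                engine: version.engine,
                current: version.engineVersion,
                targets: [...new Set(major)].sort(compareVersions),
            })
        }
    }
    return findings
}

// Constructed sample record (not real API output).
const sampleInstance = {
    dbEngineVersions: [
        { engine: 'postgres', engineVersion: '12.15', validUpgradeTarget: [
            { engineVersion: '12.17', isMajorVersionUpgrade: false },
            { engineVersion: '14.10', isMajorVersionUpgrade: true },
            { engineVersion: '13.13', isMajorVersionUpgrade: true },
            { engineVersion: '13.13', isMajorVersionUpgrade: true },
        ] },
        { engine: 'postgres', engineVersion: '16.1' }, // no upgrade targets listed
    ],
}

console.log(JSON.stringify(findMajorUpgrades(sampleInstance), null, 2))
```

An empty result corresponds to the rule passing; each finding names the current version and the major versions to evaluate for the upgrade.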