- Resources: 22
- Total Findings: 19
- Rules Executed: 62
- Unique Rules: 82
- Exception: 0
- Timespent: 77.052s
Summary
[Charts: RDS Price; RDS Price per Engine; RDS Price per Deployment Option]
MYSQL__LogsGeneral
Performance Efficiency
- Description
- [Logging] 1 of your production RDS MySQL resources, including RDS instances, RDS Aurora instances, and RDS Aurora clusters, is set up to log all statements or all queries. This causes an excessive amount of logging, potentially leading to higher storage and IOPS utilization. Excessive logging can deprive your application workload of IOPS. In the case of Aurora, temporary files are created on a temporary EBS volume, which has limited storage and IOPS capacity, so the risk is even higher. For Aurora MySQL clusters, this parameter can be changed in the DB Parameter Group for the instance or in the DB Cluster Parameter Group attached at the cluster level. If you have already set it at the cluster level, it applies to all instances in the cluster and this recommendation can be ignored for those instances.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Have Downtime
- Recommendation
- MySQL Logs
DeleteProtectionCluster
Operation Excellence
- Description
- Deletion Protection is not enabled for 1 Aurora cluster. This can lead to accidental deletion of a production database. Enable deletion protection to ensure that production databases are not accidentally deleted.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Recommendation
- Delete Protection - Cluster
BackupTooLow
Reliability
- Description
- Backup Retention: You have 1 production instance which has a sub-optimal backup retention period. Set your backup retention to at least 7 days for your production instance/cluster. Please note that longer backup retention will lead to additional cost.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Cost Incurred
- Recommendation
- Free backup storage up to allocated
- Guide
MultiAZ
Reliability
- Description
- High Availability: You have 1 production instance/cluster which is not configured to be tolerant to issues in an Availability Zone. Reconfigure production RDS instances to Multi-AZ. For Aurora clusters, have at least two instances (one each in a different availability zone). Enabling Multi-AZ for an RDS cluster and adding another instance will lead to additional cost. Converting a single-AZ instance to a Multi-AZ instance will avoid downtime, but you can experience a performance impact. You should perform this operation during off-peak hours. You can also create a read replica in a different AZ and then perform a failover.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Performance Impact, Cost Incurred
- Recommendation
- What Is MultiAZ
- Guide
EnhancedMonitor
Operation Excellence
- Description
- OS Monitoring: 1 of your instances has sub-optimal settings for Enhanced Monitoring. Enable Enhanced Monitoring for all your production instances with at least 30 seconds monitoring interval. Enhanced Monitoring uses an agent to collect information that is stored in CloudWatch. Lower granularity allows more details to be collected, which can be helpful while debugging performance issues. Enabling Enhanced Monitoring will lead to additional cost for CloudWatch. More granularity causes more details to be logged to CloudWatch.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Performance Impact (maybe), Cost Incurred
- Recommendation
- Enable Enhanced Monitoring
EngineVersionMinor
Security
- Description
- Patch Currency: 1 of your instances/clusters is on an older patch level. This exposes your instances/clusters to exploitation of known vulnerabilities. Apply the latest patch to avoid running into known issues or being exploited for known vulnerabilities. Perform proper testing before applying a patch in a production environment.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Have Downtime, Testing Required, Performance Impact (maybe)
- Recommendation
- Guide
EngineVersionMajor
Security
- Description
- Version Currency: 1 instance/cluster is on an older version. Upgrade to the latest version to get access to new features. You should perform proper testing before upgrading the production environment. There are different options to perform major version upgrades, and your choices will depend on architecture, schema and workload. If you choose to upgrade by setting up replication, you may incur additional cost for replication (e.g. when using DMS) and for additional instances.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Have Downtime (maybe), Testing Required, Performance Impact (maybe)
- Recommendation
- Guide
EnableStorageAutoscaling
Reliability
- Description
- [Reliability] You have 1 RDS/Aurora resource that does not have storage autoscaling enabled. With storage autoscaling enabled, when Amazon RDS detects that you are running out of free database space, it automatically scales up your storage. Amazon RDS starts a storage modification for an autoscaling-enabled DB instance when these factors apply: (1) Free available space is less than or equal to 10 percent of the allocated storage. (2) The low-storage condition lasts at least five minutes. (3) At least six hours have passed since the last storage modification, or storage optimization has completed on the instance, whichever is longer.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Have Downtime (maybe)
- Recommendation
- Understand RDS Storage auto scaling
DefaultMasterAdmin
Security
- Description
- [Login Info] 1 of your RDS resources is using the default master admin. To change it, you first need to create a snapshot and then create a new database instance from the snapshot with a new --master-username parameter.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Have Downtime
- Recommendation
- RDS Master Accounts
MYSQL__parammInnodbStatsPersistent
Performance Efficiency
- Description
- [MySQL Parameter] 1 of your RDS MySQL resources, including RDS instances, RDS Aurora instances, and RDS Aurora clusters, is running with innodb_stats_persistent switched off. Setting it ON (default) ensures that optimizer statistics are persisted across instance restarts. This can be helpful in debugging performance issues. For Aurora MySQL clusters, this parameter can be changed in the DB Parameter Group for the instance or in the DB Cluster Parameter Group attached at the cluster level. If you have already set it at the cluster level, it applies to all instances in the cluster and this recommendation can be ignored for those instances.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Have Downtime
- Recommendation
- Aurora_Lab_Mode
MYSQL__param_innodbFlushTrxCommit
Reliability
- Description
- [Transaction Durability] 1 of your RDS MySQL instances and RDS Aurora clusters is running with innodb_flush_log_at_trx_commit set to a less durable setting. This parameter ensures that MySQL writes transactions to the redo log upon every commit. In the case of Aurora, this parameter ensures that every commit will wait for acknowledgement from a quorum of 4 out of 6 storage copies. Switching off this parameter can offer a performance gain but increases the risk of data loss. You should test the impact of this parameter on your performance and RPO before making changes.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Have Downtime, Testing Required, Performance Impact, Cost Incurred (maybe)
- Recommendation
- MySQL Param Best Practices
MYSQL__parammAutoCommit
Reliability
- Description
- [MySQL Parameter] 1 of your RDS MySQL resources, including RDS instances, RDS Aurora instances, and RDS Aurora clusters, is running with autocommit disabled. When autocommit is enabled, MySQL automatically commits transactions. Switching it off may have an impact on how your application's transactions are committed and can cause functional issues. You should do proper functional testing when changing this parameter. For Aurora MySQL clusters, this parameter can be changed in the DB Parameter Group for the instance or in the DB Cluster Parameter Group attached at the cluster level. If you have already set it at the cluster level, it applies to all instances in the cluster and this recommendation can be ignored for those instances.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Have Downtime, Testing Required, Performance Impact (maybe)
- Recommendation
- RDS MySQL Autocommit
MYSQL__innodb_open_files
Performance Efficiency
- Description
- [Performance] You have 1 RDS MySQL instance(s) with the innodb_open_files parameter set to less than 65. The innodb_open_files parameter controls the number of files InnoDB can open at one time. InnoDB opens all of the log and system tablespace files when mysqld is running. Your DB instance has a low value for the maximum number of files InnoDB can open at one time. We recommend that you set the innodb_open_files parameter to a minimum value of 65.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Have Downtime, Testing Required
- Recommendation
- MySQL Doc on innodb_open_files
- AWS view on innodb_open_files
MYSQL__param_syncBinLog
Reliability
- Description
- [Transaction Durability] 1 of your RDS MySQL instances is running with sync_binlog set to a less durable setting. This parameter ensures that transaction commits are made durable to the binlog synchronously before the commit is confirmed. Switching off this parameter can offer a performance gain but increases the risk of data loss. You should test the impact of this parameter on your performance and RPO before making changes.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Have Downtime, Testing Required, Performance Impact, Cost Incurred (maybe)
- Recommendation
- What Is
Aurora__ClusterSize
Reliability
- Description
- [Aurora High Availability] You have 1 cluster which has fewer than 2 or more than 7 instances in the cluster. Without a read replica, when your writer goes down, failover may take longer. For better availability you should place an Aurora read replica in a different availability zone than the writer node. Adding too many read replicas can put extra pressure on the writer node (to send changes to read replicas). Make sure that you have at least one read replica (avoid more than 7) for all your production Aurora clusters.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Label
- Cost Incurred
- Recommendation
- Add Clusters
- Delete Clusters
AuroraStorageTypeOK
Cost Optimization
- Description
- [Aurora Rightsizing] You have 1 Aurora cluster(s) operating with a cost-efficient storageType setting.
- Resources
- us-east-1: aurora-mysql::Cluster=myaurora-mysql-ww
- Recommendation
- Choosing Aurora StorageType
- About Aurora StorageType
SecurityGroupDefault
Security
- Description
- [RDS Security Group] AWS does not recommend using the default security group. Because the default security group cannot be deleted, you should change the default security group rules setting to restrict inbound and outbound traffic. This prevents unintended traffic if the default security group is accidentally configured for resources such as EC2 instances.
- Resources
- us-east-1: RDS_SG::sg-0fe800a9602ab25ff
- Label
- Testing Required (maybe)
- Recommendation
- Default Security Group
Secret__NoRotation
Security
- Description
- [Secrets Manager] Rotation is the process of periodically updating a secret. When you rotate a secret, you update the credentials in both the secret and the database or service. In Secrets Manager, you can set up automatic rotation for your secrets.
- Resources
- us-east-1: SecretsManager::admin_cow_secret
- Label
- Have Downtime, Cost Incurred
- Recommendation
- Managed Secret Rotation
Secret__NotUsed7days
Operation Excellence
- Description
- [Secrets Manager] You have 1 secret that has not been used in the past 7 days. Please review it and remove it if it is not in use, to ease future operations.
- Resources
- us-east-1: SecretsManager::admin_cow_secret
- Label
- Testing Required (maybe)
- Recommendation
- Delete a secret
Detail
us-east-1
1. Cluster=myaurora-mysql-ww
Check | Current Value | Recommendation |
---|---|---|
MYSQL__LogsGeneral | ALL | Disable General Logs |
DeleteProtectionCluster | Off | Enable Delete Protection |
BackupTooLow | 1 | Enable backup >= 7 days |
MultiAZ | Off | Enable MultiAZ |
EnhancedMonitor | On | Enable Enhanced Monitoring |
EngineVersionMinor | 5.7.mysql_aurora.2.11.2 | Minor version available |
EngineVersionMajor | 5.7.mysql_aurora.2.11.2 | Major version available |
EnableStorageAutoscaling | None | Enable storage autoscaling |
DefaultMasterAdmin | aurora-mysql::admin | Rename Admin |
MYSQL__parammInnodbStatsPersistent | None | Set value to ON |
MYSQL__param_innodbFlushTrxCommit | null | Set value to 1 |
MYSQL__parammAutoCommit | None | Set value to ON |
MYSQL__innodb_open_files | Configured: 0, Recommended: 65 | Set the innodb_open_files parameter to a minimum value of 65 |
MYSQL__param_syncBinLog | null | Set value to 1 |
Aurora__ClusterSize | 1 | Resize number of additional clusters |
AuroraStorageTypeOK | Type: aurora [Ratio=ioCnt(million)/volumeSize(GB)] [0.0=0.0/0.1] | (Informational) Cluster IO/Storage Ratio |
2. sg-0fe800a9602ab25ff
Check | Current Value | Recommendation |
---|---|---|
SecurityGroupDefault | myaurora-mysql-ww | Create custom Security Group |
3. admin_cow_secret
Check | Current Value | Recommendation |
---|---|---|
Secret__NoRotation | None | Setup auto-rotation |
Secret__NotUsed7days | None | Review & Remove unused secrets |