Merge pull request #176 from turbot/release/v0.29

Release/v0.29
turbot · Mar 27, 2024 · 51465aa · 51465aa
2 parents 4208439 + 87cccc2
commit 51465aa
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## v0.29 [2024-03-27]
+
+_What's new?_
+
+- New control added:
+  - `rds_mysql_postresql_db_no_unsupported_version` ([#174](https://github.com/turbot/steampipe-mod-aws-thrifty/pull/174))
+
 ## v0.28 [2024-04-06]
 
 _Powerpipe_

diff --git a/controls/rds.sp b/controls/rds.sp
@@ -43,7 +43,8 @@ benchmark "rds" {
     control.long_running_rds_db_instances,
     control.rds_db_instance_with_graviton,
     control.rds_db_low_connection_count,
-    control.rds_db_low_utilization
+    control.rds_db_low_utilization,
+    control.rds_mysql_postresql_db_no_unsupported_version
   ]
 
   tags = merge(local.rds_common_tags, {
@@ -240,3 +241,39 @@ control "rds_db_instance_with_graviton" {
   EOQ
 }
 
+control "rds_mysql_postresql_db_no_unsupported_version" {
+  title       = "RDS MySQL and PostgreSQL DB instances with unsupported version should be reviewed"
+  description = "MySQL 5.7 and PostgreSQL 11 database instances running on Amazon Aurora and Amazon Relational Database Service (Amazon RDS) will be automatically enrolled into Amazon RDS Extended Support. This automatic enrollment may mean that you will experience higher charges when RDS Extended Support begins. You can avoid these charges by upgrading your database to a newer DB version."
+  severity    = "low"
+
+  tags = merge(local.rds_common_tags, {
+    class = "deprecated"
+  })
+
+  sql = <<-EOQ
+    select
+      arn as resource,
+      engine_version,
+      engine,
+      case
+        when not engine ilike any (array ['%mysql%', '%postgres%']) then 'skip'
+        when
+          (engine like '%mysql' and engine_version like '5.7.%' )
+          or (engine like '%postgres%' and engine_version like '11.%') then 'alarm'
+        else 'ok'
+      end as status,
+      case
+        when not engine ilike any (array ['%mysql%', '%postgres%']) then title || ' is of ' || engine || ' engine type.'
+        when
+          (engine like '%mysql' and engine_version like '5.7.%' )
+          or (engine like '%postgres%' and engine_version like '11.%') then title || ' is using RDS Extended Support.'
+        else title || ' is not using RDS Extended Support.'
+      end as reason
+      ${local.tag_dimensions_sql}
+      ${local.common_dimensions_sql}
+    from
+      aws_rds_db_instance;
+  EOQ
+}
+
+