AWS Amazon RDS Event Subscription

This page shows how to write Terraform and CloudFormation for Amazon RDS Event Subscription and write them securely.

aws_db_event_subscription (Terraform)

The Event Subscription in Amazon RDS can be configured in Terraform with the resource name aws_db_event_subscription. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L71
resource "aws_db_event_subscription" "default-db-security-group" {
  name      = "rds-event-sub"
  sns_topic = aws_sns_topic.default.arn

  source_type = "db-security-group"
  enabled     = false
}
src_sns.tf#L8
resource "aws_db_event_subscription" "snapshots" {
  provider = aws.src

  name      = "rds-snapshots"
  sns_topic = aws_sns_topic.rds_snapshots.arn
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides a DB event subscription resource.

Tips: Best Practices for The Other AWS Amazon RDS Resources

In addition to aws_db_instance, AWS Amazon RDS has other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

aws_db_instance

Ensure backup retention of your RDS instance is specified

It's better to set it explicitly to reduce the risk of availability issues.

aws_rds_cluster

Ensure backup retention of your RDS cluster is specified

It's better to set it explicitly to reduce the risk of availability issues.

aws_rds_cluster_instance

Ensure your RDS cluster instance blocks unwanted access

It's better to limit accessibility to the minimum that is required for the application to work.

Review your AWS Amazon RDS settings

In addition to the above, there are other security points you should be aware of. Make sure that your .tf files are protected in Shisho Cloud.

AWS::RDS::EventSubscription (CloudFormation)

The EventSubscription in RDS can be configured in CloudFormation with the resource name AWS::RDS::EventSubscription. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

template.yml#L76
    Type: AWS::RDS::EventSubscription
    DependsOn: RdsEventTopicPolicy
    Properties:
      SnsTopicArn: !Ref RdsEventTopic

Outputs:
aurora-database-stack.yml#L580
    Type: "AWS::RDS::EventSubscription"
    Properties:
      EventCategories:
        - failover
        - failure
        - notification
AuroraCluster.yml#L388
    Type: 'AWS::RDS::EventSubscription'
    Properties:
      EventCategories:
      - failover
      - failure
      - notification
AuroraCluster.yml#L388
    Type: 'AWS::RDS::EventSubscription'
    Properties:
      EventCategories:
      - failover
      - failure
      - notification
AuroraClusterMY.yml#L388
    Type: 'AWS::RDS::EventSubscription'
    Properties:
      EventCategories:
      - failover
      - failure
      - notification
AWS-RDS-EventSubscription-Disabled-for-DBSecurityGroups.json#L6
   "rule": "$.Resources.*[?(@.Type == 'AWS::RDS::DBInstance')] size greater than 0 and (not $.Resources.*[?(@.Type == 'AWS::RDS::EventSubscription')].Properties[?(@.SourceType == 'db-security-group')].Enabled anyTrue)",
   "id": "5b3c12cf-eef5-42de-afbe-4e80e1dfe600",
   "enabled": false,
   "recommendation": {
      "name": "Recommended solution for enabling AWS RDS event subscription.",
      "description": "It is recommended to enable subscriptions for AWS RDS event. Please make sure that if \"SourceType\" is equal to \"db-security-group\" under \"EventSubscription\", then \"Enabled\" should be set to true",
AWS-RDS-EventSubscription-Disabled-for-DBSecurityGroups-positive-missing.json#L26
      "Type": "AWS::RDS::EventSubscription",
      "Properties": {
        "EventCategories": [
          "configuration change",
          "failure",
          "deletion"
AWS-RDS-EventSubscription-Disabled-for-DBSecurityGroups-negative-one.json#L26
      "Type": "AWS::RDS::EventSubscription",
      "Properties": {
        "EventCategories": [
          "configuration change",
          "failure",
          "deletion"
AWS-RDS-EventSubscription-Disabled-for-DBSecurityGroups-positive.json#L26
      "Type": "AWS::RDS::EventSubscription",
      "Properties": {
        "EventCategories": [
          "configuration change",
          "failure",
          "deletion"
AWS-RDS-EventSubscription-Disabled-for-DBSecurityGroups-negative.json#L26
      "Type": "AWS::RDS::EventSubscription",
      "Properties": {
        "EventCategories": [
          "configuration change",
          "failure",
          "deletion"

Parameters

Explanation in CloudFormation Registry

The AWS::RDS::EventSubscription resource allows you to receive notifications for Amazon Relational Database Service events through the Amazon Simple Notification Service (Amazon SNS). For more information, see Using Amazon RDS Event Notification in the Amazon RDS User Guide.

Frequently asked questions

What is AWS Amazon RDS Event Subscription?

AWS Amazon RDS Event Subscription is a resource for Amazon RDS of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon RDS Event Subscription?

For Terraform, the prancer-io/prancer-terramerra and ag-pinguin/terraform_rds_replication source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the PokaInc/rds-events-to-cloudwatch, ibexmercado/crypto-mercado and sprintqaDevOps/AWS source code examples are useful. See the CloudFormation Example section for further details.