タダです.
RDS を運用していると,パッチが出ていたのに気づかなかったということがあります.そこで,パッチの有無を確認するために必要なことを調査したので,この記事にまとめます.
RDS のパッチ適用通知を確認する方法
調査する前は EventBridge か RDS のイベントサブスクリプションで受け取れるのかと思っていました.しかし,それはできず,パッチの有無は DescribePendingMaintenanceActions API 経由で確認します.
docs.aws.amazon.com
AWS CLI でやる場合は describe-pending-maintenance-actions コマンドで確認できます.
$ aws rds describe-pending-maintenance-actions
{
"PendingMaintenanceActions": [
{
"ResourceIdentifier": "arn:aws:rds:us-west-2:123456789012:cluster:global-db1-cl1",
"PendingMaintenanceActionDetails": [
{
"Action": "system-update",
"Description": "Upgrade to Aurora PostgreSQL 2.4.2"
}
]
}
]
}
aws rds describe-pending-maintenance-actions | jq -r '.PendingMaintenanceActions[].ResourceIdentifier'
arn:aws:rds:us-west-2:123456789012:cluster:global-db1-cl1
aws rds describe-pending-maintenance-actions | jq -r '.PendingMaintenanceActions[].PendingMaintenanceActionDetails[].Action'
system-update
JavaScript の SDK 経由で describePendingMaintenanceActions API を呼び出す場合は,次のようなコードでいけました.Node.js 16.x の Lambda で検証しました.
const AWS = require('aws-sdk')
// RDS client. No explicit configuration is passed, so the SDK defaults apply.
const rds = new AWS.RDS();

// Restrict the query to the pending maintenance actions of a single cluster.
const clusterFilter = {
  Name: "db-cluster-id",
  Values: ["arn:aws:rds:ap-northeast-1:xxxx:cluster:hogedb"],
};

// Request parameters handed to describePendingMaintenanceActions.
const params = { Filters: [clusterFilter] };
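/**
 * Lambda handler: asks RDS for the pending maintenance actions (patches) that
 * match the module-level `params` filter and logs what comes back.
 *
 * @param {object} event - Lambda invocation event (not read by this handler).
 * @returns {Promise<string>} A fixed completion message.
 */
exports.handler = async (event) => {
  console.log("start")
  try {
    // Await the request. An async handler that returns while a callback-style
    // call is still in flight ends the invocation before the API has answered,
    // so the callback may never run and pending patches go unreported.
    const data = await rds.describePendingMaintenanceActions(params).promise()
    // data.PendingMaintenanceActions has the same shape as the CLI output.
    console.log(data)
  } catch (err) {
    // As before, a failed check is only logged and the handler still reports
    // completion. NOTE(review): for a patch monitor, a silent failure (for
    // example a missing rds:DescribePendingMaintenanceActions permission)
    // looks the same as "no patches"; consider rethrowing so the invocation
    // is marked as failed and can be alarmed on.
    console.log(err, err.stack)
  }
  return 'Finish rds patch chek function'
}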
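レスポンスデータは次のような情報が返ってきます.data のセクションでパッチ適用があったらそのデータが入ります.なお,下の出力は statusCode が undefined,data が null となっており,API の応答を受け取る前の Request オブジェクトの内容です.応答を受け取る前の data: null は「パッチなし」を意味しないので,パッチの有無は応答受信後の data で判断します.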
<ref *1> Request {
domain: null,
service: Service {
config: Config {
credentials: [EnvironmentCredentials],
credentialProvider: [CredentialProviderChain],
region: 'ap-northeast-1',
logger: null,
apiVersions: {},
apiVersion: null,
endpoint: 'rds.ap-northeast-1.amazonaws.com',
httpOptions: [Object],
maxRetries: undefined,
maxRedirects: 10,
paramValidation: true,
sslEnabled: true,
s3ForcePathStyle: false,
s3BucketEndpoint: false,
s3DisableBodySigning: true,
s3UsEast1RegionalEndpoint: 'legacy',
s3UseArnRegion: undefined,
computeChecksums: true,
convertResponseTypes: true,
correctClockSkew: false,
customUserAgent: null,
dynamoDbCrc32: true,
systemClockOffset: 0,
signatureVersion: 'v4',
signatureCache: true,
retryDelayOptions: {},
useAccelerateEndpoint: false,
clientSideMonitoring: false,
endpointDiscoveryEnabled: undefined,
endpointCacheSize: 1000,
hostPrefixEnabled: true,
stsRegionalEndpoints: 'legacy',
useFipsEndpoint: false,
useDualstackEndpoint: false
},
isGlobalEndpoint: false,
endpoint: Endpoint {
protocol: 'https:',
host: 'rds.ap-northeast-1.amazonaws.com',
port: 443,
hostname: 'rds.ap-northeast-1.amazonaws.com',
pathname: '/',
path: '/',
href: 'https://rds.ap-northeast-1.amazonaws.com/'
},
_events: { apiCallAttempt: [Array], apiCall: [Array] },
MONITOR_EVENTS_BUBBLE: [Function: EVENTS_BUBBLE],
CALL_EVENTS_BUBBLE: [Function: CALL_EVENTS_BUBBLE],
_clientId: 1
},
operation: 'describePendingMaintenanceActions',
params: { Filters: [ [Object] ] },
httpRequest: HttpRequest {
method: 'POST',
path: '/',
headers: {
'User-Agent': 'aws-sdk-nodejs/2.1083.0 linux/v16.14.0 exec-env/AWS_Lambda_nodejs16.x'
},
body: '',
endpoint: {
protocol: 'https:',
host: 'rds.ap-northeast-1.amazonaws.com',
port: 443,
hostname: 'rds.ap-northeast-1.amazonaws.com',
pathname: '/',
path: '/',
href: 'https://rds.ap-northeast-1.amazonaws.com/',
constructor: [Function]
},
region: 'ap-northeast-1',
_userAgent: 'aws-sdk-nodejs/2.1083.0 linux/v16.14.0 exec-env/AWS_Lambda_nodejs16.x'
},
startTime: 2022-06-17T06:23:02.561Z,
response: Response {
request: [Circular *1],
data: null,
error: null,
retryCount: 0,
redirectCount: 0,
httpResponse: HttpResponse {
statusCode: undefined,
headers: {},
body: undefined,
streaming: false,
stream: null
},
maxRetries: 3,
maxRedirects: 10
},
_asm: AcceptorStateMachine {
currentState: 'validate',
states: {
validate: [Object],
build: [Object],
afterBuild: [Object],
sign: [Object],
retry: [Object],
afterRetry: [Object],
send: [Object],
validateResponse: [Object],
extractError: [Object],
extractData: [Object],
restart: [Object],
success: [Object],
error: [Object],
complete: [Object]
}
},
_haltHandlersOnError: false,
_events: {
validate: [
[Function (anonymous)],
[Function],
[Function: VALIDATE_REGION],
[Function: BUILD_IDEMPOTENCY_TOKENS],
[Function: VALIDATE_PARAMETERS]
],
afterBuild: [
[Function: COMPUTE_CHECKSUM],
[Function],
[Function: SET_CONTENT_LENGTH],
[Function: SET_HTTP_HOST]
],
restart: [ [Function: RESTART] ],
sign: [ [Function (anonymous)], [Function], [Function] ],
validateResponse: [ [Function: VALIDATE_RESPONSE], [Function (anonymous)] ],
send: [ [Function] ],
httpHeaders: [ [Function: HTTP_HEADERS] ],
httpData: [ [Function: HTTP_DATA] ],
httpDone: [ [Function: HTTP_DONE] ],
retry: [
[Function: FINALIZE_ERROR],
[Function: INVALIDATE_CREDENTIALS],
[Function: EXPIRED_SIGNATURE],
[Function: CLOCK_SKEWED],
[Function: REDIRECT],
[Function: RETRY_CHECK],
[Function: API_CALL_ATTEMPT_RETRY]
],
afterRetry: [ [Function] ],
build: [ [Function: buildRequest] ],
extractData: [ [Function: extractData], [Function: extractRequestId] ],
extractError: [ [Function: extractError], [Function: extractRequestId] ],
httpError: [ [Function: ENOTFOUND_ERROR] ],
success: [ [Function: API_CALL_ATTEMPT] ],
complete: [ [Function: API_CALL] ]
},
emit: [Function: emit],
API_CALL_ATTEMPT: [Function: API_CALL_ATTEMPT],
API_CALL_ATTEMPT_RETRY: [Function: API_CALL_ATTEMPT_RETRY],
API_CALL: [Function: API_CALL]
}
まとめ
RDS のパッチの有無を確認する方法を調べたのでまとめました.こういうのも EventBridge 経由で送られたらいいのになと思います.