タダです.
RDS を運用していると,パッチが出ていたのに気づかなかったということがあります.気づけるようにするために必要なことを調査したので,この記事にまとめます.
RDS のパッチ適用通知を確認する方法
調査する前は EventBridge か RDS のイベントサブスクリプションから受け取れるのかと思っていました.しかし,それはできず,パッチの有無は DescribePendingMaintenanceActions API を呼び出して確認します.
AWS CLI でやる場合は describe-pending-maintenance-actions コマンドで確認できます.
# 保留中のメンテナンスアクションがある場合のレスポンス例 (保留中のものがなければ PendingMaintenanceActions は空配列になります)
$ aws rds describe-pending-maintenance-actions
{
    "PendingMaintenanceActions": [
        {
            "ResourceIdentifier": "arn:aws:rds:us-west-2:123456789012:cluster:global-db1-cl1",
            "PendingMaintenanceActionDetails": [
                {
                    "Action": "system-update",
                    "Description": "Upgrade to Aurora PostgreSQL 2.4.2"
                }
            ]
        }
    ]
}

# jq で抽出
aws rds describe-pending-maintenance-actions | jq -r '.PendingMaintenanceActions[].ResourceIdentifier'
arn:aws:rds:us-west-2:123456789012:cluster:global-db1-cl1
aws rds describe-pending-maintenance-actions | jq -r '.PendingMaintenanceActions[].PendingMaintenanceActionDetails[].Action'
system-update
JavaScript の SDK 経由で describePendingMaintenanceActions API を呼び出す場合は,次のようなコードでいけました.Node.js 16.x の Lambda で検証しました.Lambda の実行ロールには rds:DescribePendingMaintenanceActions の許可が必要です.
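const AWS = require('aws-sdk');
const rds = new AWS.RDS();

// Limit the query to one cluster. Without a filter the API reports pending
// maintenance for every RDS resource in the region and the result can be
// paginated (continuation token in `Marker`).
const params = {
  Filters: [
    {
      Name: "db-cluster-id",
      Values: [
        "arn:aws:rds:ap-northeast-1:xxxx:cluster:hogedb"
      ]
    }
  ]
};

/**
 * Lambda handler that logs the pending maintenance actions (patches) for the
 * cluster selected in `params`.
 *
 * The API call is awaited via `.promise()`. With a callback inside an `async`
 * handler, the handler's promise resolves before the request completes, so the
 * invocation can end without the result (or the error) ever being logged.
 *
 * @param {object} event - Lambda invocation event (not used).
 * @returns {Promise<string>} Fixed completion message.
 */
exports.handler = async (event) => {
  console.log("start");
  try {
    const data = await rds.describePendingMaintenanceActions(params).promise();
    // `data.PendingMaintenanceActions` is the list to inspect or alert on.
    console.log(data);
  } catch (err) {
    // NOTE(review): the error is only logged and the handler still returns its
    // normal message. For a patch monitor, consider rethrowing so a failed
    // check (e.g. a missing IAM permission) shows up as a failed invocation
    // instead of looking like "nothing pending".
    console.log(err, err.stack);
  }
  return 'Finish rds patch chek function';
};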
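ログには次のような情報が出力されます.これは describePendingMaintenanceActions の戻り値である Request オブジェクトを出力したものと見られ,この時点ではリクエストがまだ完了していないため response の data は null,statusCode は undefined になっています.パッチ適用があった場合は,リクエスト完了後の data のセクションにそのデータが入ります.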
<ref *1> Request { domain: null, service: Service { config: Config { credentials: [EnvironmentCredentials], credentialProvider: [CredentialProviderChain], region: 'ap-northeast-1', logger: null, apiVersions: {}, apiVersion: null, endpoint: 'rds.ap-northeast-1.amazonaws.com', httpOptions: [Object], maxRetries: undefined, maxRedirects: 10, paramValidation: true, sslEnabled: true, s3ForcePathStyle: false, s3BucketEndpoint: false, s3DisableBodySigning: true, s3UsEast1RegionalEndpoint: 'legacy', s3UseArnRegion: undefined, computeChecksums: true, convertResponseTypes: true, correctClockSkew: false, customUserAgent: null, dynamoDbCrc32: true, systemClockOffset: 0, signatureVersion: 'v4', signatureCache: true, retryDelayOptions: {}, useAccelerateEndpoint: false, clientSideMonitoring: false, endpointDiscoveryEnabled: undefined, endpointCacheSize: 1000, hostPrefixEnabled: true, stsRegionalEndpoints: 'legacy', useFipsEndpoint: false, useDualstackEndpoint: false }, isGlobalEndpoint: false, endpoint: Endpoint { protocol: 'https:', host: 'rds.ap-northeast-1.amazonaws.com', port: 443, hostname: 'rds.ap-northeast-1.amazonaws.com', pathname: '/', path: '/', href: 'https://rds.ap-northeast-1.amazonaws.com/' }, _events: { apiCallAttempt: [Array], apiCall: [Array] }, MONITOR_EVENTS_BUBBLE: [Function: EVENTS_BUBBLE], CALL_EVENTS_BUBBLE: [Function: CALL_EVENTS_BUBBLE], _clientId: 1 }, operation: 'describePendingMaintenanceActions', params: { Filters: [ [Object] ] }, httpRequest: HttpRequest { method: 'POST', path: '/', headers: { 'User-Agent': 'aws-sdk-nodejs/2.1083.0 linux/v16.14.0 exec-env/AWS_Lambda_nodejs16.x' }, body: '', endpoint: { protocol: 'https:', host: 'rds.ap-northeast-1.amazonaws.com', port: 443, hostname: 'rds.ap-northeast-1.amazonaws.com', pathname: '/', path: '/', href: 'https://rds.ap-northeast-1.amazonaws.com/', constructor: [Function] }, region: 'ap-northeast-1', _userAgent: 'aws-sdk-nodejs/2.1083.0 linux/v16.14.0 exec-env/AWS_Lambda_nodejs16.x' }, startTime: 
2022-06-17T06:23:02.561Z, response: Response { request: [Circular *1], data: null, error: null, retryCount: 0, redirectCount: 0, httpResponse: HttpResponse { statusCode: undefined, headers: {}, body: undefined, streaming: false, stream: null }, maxRetries: 3, maxRedirects: 10 }, _asm: AcceptorStateMachine { currentState: 'validate', states: { validate: [Object], build: [Object], afterBuild: [Object], sign: [Object], retry: [Object], afterRetry: [Object], send: [Object], validateResponse: [Object], extractError: [Object], extractData: [Object], restart: [Object], success: [Object], error: [Object], complete: [Object] } }, _haltHandlersOnError: false, _events: { validate: [ [Function (anonymous)], [Function], [Function: VALIDATE_REGION], [Function: BUILD_IDEMPOTENCY_TOKENS], [Function: VALIDATE_PARAMETERS] ], afterBuild: [ [Function: COMPUTE_CHECKSUM], [Function], [Function: SET_CONTENT_LENGTH], [Function: SET_HTTP_HOST] ], restart: [ [Function: RESTART] ], sign: [ [Function (anonymous)], [Function], [Function] ], validateResponse: [ [Function: VALIDATE_RESPONSE], [Function (anonymous)] ], send: [ [Function] ], httpHeaders: [ [Function: HTTP_HEADERS] ], httpData: [ [Function: HTTP_DATA] ], httpDone: [ [Function: HTTP_DONE] ], retry: [ [Function: FINALIZE_ERROR], [Function: INVALIDATE_CREDENTIALS], [Function: EXPIRED_SIGNATURE], [Function: CLOCK_SKEWED], [Function: REDIRECT], [Function: RETRY_CHECK], [Function: API_CALL_ATTEMPT_RETRY] ], afterRetry: [ [Function] ], build: [ [Function: buildRequest] ], extractData: [ [Function: extractData], [Function: extractRequestId] ], extractError: [ [Function: extractError], [Function: extractRequestId] ], httpError: [ [Function: ENOTFOUND_ERROR] ], success: [ [Function: API_CALL_ATTEMPT] ], complete: [ [Function: API_CALL] ] }, emit: [Function: emit], API_CALL_ATTEMPT: [Function: API_CALL_ATTEMPT], API_CALL_ATTEMPT_RETRY: [Function: API_CALL_ATTEMPT_RETRY], API_CALL: [Function: API_CALL] }
まとめ
RDS のパッチの有無を確認する方法を調べたのでまとめました.こういうのも EventBridge 経由で送られたらいいのになと思います.