Test: Database Free Storage Space Monitored

Drata inspects your company database monitoring configuration to determine if free storage space is monitored, with appropriate alerts.

Updated over 3 months ago

ASSOCIATED DRATA CONTROL

This test is part of the Databases Monitored and Alarmed control that ensures your company has implemented tools to monitor databases and notify appropriate personnel of any events or incidents, based on predetermined criteria.

WHAT TO DO IF A TEST FAILS

If Drata detects that database storage monitoring is not enabled or that alerts have not been properly set up, the test will fail. With a failed test, you will receive a list of databases that lack storage monitoring or administrative alerts.

To remediate a failed test, set up and configure storage monitoring for your databases so that alerts are sent to DB admins when an event or incident occurs.

STEPS FOR PASSING

To ensure a validated state when testing for monitoring of the database free storage, please follow the steps listed in the table below. Once the provider steps have been completed, navigate back to Drata and execute the test.

NOTE: If you are using the Datadog integration for this test, please see this help article for the metrics to be used.

Provider / Technology

Provider Steps

AWS - DocDB

Database Creation

  1. Within AWS, go to the DocDB service

  2. Create a DocDB cluster

Alarm Creation

  1. Go to CloudWatch service

  2. Click on Create CloudWatch Alarm

  3. Click on Select Metric

  4. Click on DocDB

  5. Click on Instance Metrics

  6. Search for "FreeLocalStorage"

  7. Click on the checkbox for DB

  8. Conditions - Static -> Lower -> than 10000

    1. 10000 is an illustrative example; choose a value that makes sense for your setup

  9. Click on the Next button

  10. Select an SNS topic

  11. Click on the Next button

  12. Enter a name

  13. Click on the Next button

  14. Click on the Create alarm button

Subscription Confirmation

The subscription to the SNS topic used (or newly created) above must be confirmed for the test to pass.

  1. Go to SNS and select Subscriptions

  2. Click "Create subscription" and reference the newly created topic for the Topic ARN

  3. For Protocol select Email

  4. For Endpoint enter an email address, generally a monitored team inbox

  5. Click "Create subscription" and verify the email that was sent to your provided inbox

Alternatively:

  1. Go to SNS and select Topics

  2. Click the topic name created with the alarm

  3. Under the Subscriptions banner, click the radio button for the topic's subscription

  4. Click "Confirm subscription" and verify the email that was sent to your provided inbox

Note: You may also need to perform this check within Cluster Metrics on DocDB. Ensure that the conditions for the DocDB cluster are Static -> Lower -> than 10000 (as an example value).

AWS - RDS

For RDS Aurora PostgreSQL and Aurora MySQL (including Serverless v1), use FreeLocalStorage. For Aurora Serverless v2, use TempStorageThroughput. For RDS MySQL and RDS PostgreSQL, use FreeStorageSpace.

Database Creation

  1. Within AWS, go to the RDS service

  2. Click on Create database button

  3. Click on Standard create

    1. Engine options - any

    2. Set a template

    3. Set a DB instance identifier

    4. Credentials Settings - click on "Auto generate a password"

    5. Set a DB instance size

    6. Availability & durability - Multi-AZ deployment - Do not create a standby instance

  4. Click on Create database button

Alarm Creation - Database Instance

  1. Go to CloudWatch service

  2. Click on Create CloudWatch Alarm

  3. Click on Select Metric

  4. Click on RDS

  5. Click on Per-Database Metrics

  6. Search for your appropriate metric:

    1. Search for "FreeLocalStorage" on Aurora PostgreSQL and/or Aurora MySQL (including Serverless v1)

    2. Search for "TempStorageThroughput" on Aurora Serverless v2

    3. Search for "FreeStorageSpace" on RDS PostgreSQL

  7. Click on the checkbox for DB

  8. Conditions - Static -> Lower -> than 10000

    1. 10000 is an illustrative example; choose a value that makes sense for your setup

  9. Click on the Next button

  10. Select an SNS topic

  11. Click on the Next button

    1. Enter a name

  12. Click on the Next button

  13. Click on the Create alarm button

Alarm Creation - Database Cluster

  1. Go to CloudWatch service

  2. Click on Create CloudWatch Alarm

  3. Click on Select Metric

  4. Click on RDS

  5. Click on DBClusterIdentifier Metrics

  6. Search for your appropriate metric:

    1. Search for "FreeLocalStorage" on Aurora PostgreSQL and/or Aurora MySQL (including Serverless v1)

    2. Search for "TempStorageThroughput" on Aurora Serverless v2

    3. Search for "FreeStorageSpace" on RDS PostgreSQL

  7. Click on the checkbox for DB

  8. Conditions - Static -> Lower -> than 10000

    1. 10000 is an illustrative example; choose a value that makes sense for your setup

  9. Click on the Next button

  10. Select an SNS topic

  11. Click on the Next button

    1. Enter a name

  12. Click on the Next button

  13. Click on the Create alarm button

Subscription Confirmation

The subscription to the SNS topic used (or newly created) above must be confirmed for the test to pass.

  1. Go to SNS and select Subscriptions

  2. Click "Create subscription" and reference the newly created topic for the Topic ARN

  3. For Protocol select Email

  4. For Endpoint enter an email address, generally a monitored team inbox

  5. Click "Create subscription" and verify the email that was sent to your provided inbox

Alternatively:

  1. Go to SNS and select Topics

  2. Click the topic name created with the alarm

  3. Under the Subscriptions banner, click the radio button for the topic's subscription

  4. Click "Confirm subscription" and verify the email that was sent to your provided inbox
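
The alarm and subscription requirements in the DocDB and RDS steps above can be checked against exported configuration. This is an added example, not Drata's test logic: it audits records shaped like the output of CloudWatch describe_alarms and SNS list_subscriptions_by_topic, and the database names, account ID and topic ARNs are constructed sample values.

```python
# Added example: audits records shaped like CloudWatch describe_alarms and
# SNS list_subscriptions_by_topic output. All sample values are constructed.
STORAGE_METRICS = {"FreeLocalStorage", "FreeStorageSpace", "TempStorageThroughput"}
NAMESPACES = {"AWS/RDS", "AWS/DocDB"}
LOWER_THAN = {"LessThanThreshold", "LessThanOrEqualToThreshold"}
DB_DIMENSIONS = {"DBInstanceIdentifier", "DBClusterIdentifier"}

def confirmed_topics(subscriptions):
    # SNS reports "PendingConfirmation" instead of an ARN until the
    # recipient confirms, so only real ARNs count as confirmed.
    return {s["TopicArn"] for s in subscriptions
            if s["SubscriptionArn"].startswith("arn:")}

def unmonitored(db_ids, alarms, subscriptions):
    """Return {database id: reason} for databases without a usable alarm."""
    topics = confirmed_topics(subscriptions)
    findings = {db: "no storage alarm" for db in db_ids}
    for a in alarms:
        if a["Namespace"] not in NAMESPACES or a["MetricName"] not in STORAGE_METRICS:
            continue
        for dim in a["Dimensions"]:
            db = dim["Value"]
            if dim["Name"] not in DB_DIMENSIONS or db not in findings:
                continue  # not a listed database, or already satisfied
            if a["ComparisonOperator"] not in LOWER_THAN:
                findings[db] = "alarm is not a lower-than condition"
            elif not a.get("ActionsEnabled", True):
                findings[db] = "alarm actions disabled"
            elif not topics.intersection(a.get("AlarmActions", [])):
                findings[db] = "no confirmed SNS subscription"
            else:
                del findings[db]  # a complete alarm exists for this database
    return findings

def sample_alarm(metric, db, topic, namespace="AWS/RDS", op="LessThanThreshold"):
    return {"Namespace": namespace, "MetricName": metric, "Threshold": 10000,
            "ComparisonOperator": op, "ActionsEnabled": True,
            "Dimensions": [{"Name": "DBInstanceIdentifier", "Value": db}],
            "AlarmActions": [topic]}

TOPIC = "arn:aws:sns:us-east-1:111111111111:db-alerts"        # constructed
PENDING = "arn:aws:sns:us-east-1:111111111111:db-alerts-new"  # constructed
SAMPLE_SUBS = [{"TopicArn": TOPIC, "SubscriptionArn": TOPIC + ":constructed-id"},
               {"TopicArn": PENDING, "SubscriptionArn": "PendingConfirmation"}]
SAMPLE_ALARMS = [sample_alarm("FreeStorageSpace", "orders-pg", TOPIC),
                 sample_alarm("FreeLocalStorage", "docs-1", PENDING, "AWS/DocDB")]

if __name__ == "__main__":
    print(unmonitored(["orders-pg", "docs-1", "legacy-mysql"],
                      SAMPLE_ALARMS, SAMPLE_SUBS))
```

With live data, pass in the MetricAlarms list from describe_alarms and the Subscriptions list gathered for each topic referenced in AlarmActions.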

Azure - MariaDB, MySQL, PostgreSQL

  1. Create a MariaDB, MySQL, or PostgreSQL server

  2. Create an alert rule for "Storage percent"

  3. Add an action to the alert rule

  4. Ensure target resource type is set

  5. Ensure target resource region is set

  6. Save changes

Azure - SQL

  1. Create an Azure SQL Server

  2. Create an SQL Database on that server

  3. Create an alert rule on that database for "Data Space Used" or "Data Space Used Percent"

  4. Add an action to the alert rule

  5. Ensure target resource type is set

  6. Ensure target resource region is set

  7. Save changes

Azure - SQL Managed Instance

  1. Create a SQL Managed Instance

  2. Create at least one managed DB under it

  3. Create an alert rule on the SQL Managed Instance (not the lower level DB) for "Storage space used"

  4. Add an action to the alert rule

  5. Ensure target resource type is set

  6. Ensure target resource region is set

  7. Save changes

GCP - SQL

Database Creation

  1. Within GCP, go to the SQL service

  2. Create an instance

  3. Click on a database engine

  4. Enter an Instance ID

  5. Set a password for the root user

  6. Select a Region

  7. Select any Zone

  8. Click on "Show Configuration Options" under "Customize your instance"

  9. Click to open "Machine type"

  10. Select a machine size

  11. Click to open "Backups"

  12. Make sure "Automate backups" is checked

  13. Set other settings as desired

  14. Click on Create button

Alert Creation

  1. Navigate to the GCP Monitoring service

  2. On the left menu click on "Alerting"

  3. Click on "Create policy" button

  4. On the "Create alerting policy" form click on Add Condition

  5. In "Find resource type and metric":

    1. Search for SQL

  6. Click on Disk utilization

  7. Set a resource type: Cloud SQL Database

  8. Metric: Disk utilization

    1. For steps 5-8, by default the GCP Alert UI may only show "Active" metrics, and you may need to turn that toggle off to see the required option

  9. In the configuration add a value for Threshold: 70

    1. 70 is an illustrative example; choose a value that makes sense for your setup

  10. Click the ADD button

  11. Under Alert Details, assign an active Notification Channel (any except mobile cloud console will work)

  12. Click on Next button

  13. Enter an Alert name

  14. Click on Save button
