Test: Database Free Storage Space Monitored

ASSOCIATED DRATA CONTROL

This test is part of the Databases Monitored and Alarmed control that ensures your company has implemented tools to monitor databases and notify appropriate personnel of any events or incidents, based on predetermined criteria.

WHAT TO DO IF A TEST FAILS

If Drata detects that database storage monitoring is not enabled or that alerts have not been properly set up the test will fail. With a failed test you will receive a list of databases that lack storage monitoring or administrative alerts.

To remediate a failed test, you will need to set up and configure monitoring for database storage to ensure they are monitored with alerts being sent to DB admins in an event or incident.

STEPS FOR PASSING

To ensure a validated state when testing for monitoring of the database free storage, please follow the steps listed in the table below. Once the provider steps have been completed, navigate back to Drata and execute the test.

NOTE: If you are using the Datadog integration for this test, please see this help article for the metrics to be used.

Provider / Technology	Provider Steps
AWS - DocDB	Database Creation Within AWS, go to the DocDB service Create a DocDB cluster Alarm Creation Go to CloudWatch service Click on Create CloudWatch Click on Select Metric Click on DocDB Click on Instance Metrics Search for "`FreeLocalStorage`" Click on the checkbox for DB Conditions - Static -> Lower -> than 10000 10000 is an illustrative example; choose a value that makes sense for your setup Click on the Next button Select an SNS topic Click on the Next button Enter a name Click on the Next button Click on the Create alarm button Subscription Confirmation The subscription to the SNS topic used (or newly created) above must be confirmed for the test to pass. Go to SNS and select Subscriptions Click "Create subscription" and reference the newly created topic for the Topic ARN For Protocol select Email For Endpoint enter an email address, generally a monitored team inbox Click "Create subscription" and verify the email that was sent to your provided inbox Alternatively: Go to SNS and select Topics Click the topic name created with the alarm Under the Subscriptions banner, click the radio button for the topic's subscription Click "Confirm subscription" and verify the email that was sent to your provided inbox Note: You may also need to perform this check within Cluster Metrics on DocDB. Ensure that the conditions for DocDB cluster are Static -> Lower -> than 10000 (as an example value)
AWS - RDS For RDS Aurora PostgreSQL and Aurora MySQL (including Serverless v1), use `FreeLocalStorage`. For Aurora Serverless v2, use `TempStorageThroughput`. For RDS MySQL and RDS PostgreSQL, use `FreeStorageSpace`.	Database Creation Within AWS, go to the RDS service Click on Create database button Click on Standard create Engine options - any Set a templates Set a DB instance identifier Credentials Settings - click on ""Auto generate a password"" Set a DB instance size Availability & durability - Multi-AZ deployment - Do not create a standby instance Click on Create database button Alarm Creation Go to CloudWatch service Click on Create CloudWatch Alarm Click on Select Metric Click on RDS Click on Per-Database Metrics Search for your appropriate metric: Search for "`FreeLocalStorage`" on Aurora PostgreSQL and/or Aurora MySQL (including Serverless v1) Search for "`TempStorageThroughput`" on Aurora Serverless v2 Search for "`FreeStorageSpace`" on RDS PostgreSQL Click on the checkbox for DB Conditions - Static -> Lower -> than 10000 10000 is an illustrative example; choose a value that makes sense for your setup Click on the Next button Select an SNS topic Click on the Next button Enter a name Click on the Next button Click on the Create alarm button
Azure - MariaDB, MySQL, PostgresSQL	Create a MariaDB, MySQL, or PostgresSQL server Create an alert rule for "Storage percent" Add an action to the alert rule Ensure target resource type is set Ensure target resource region is set Save changes
Azure - SQL	Create an Azure SQL Server Create an SQL Database on that server Create an alert rule on that database for "Data Space Used" or "Data Space Used Percent" Add an action to the alert rule Ensure target resource type is set Ensure target resource region is set Save changes
Azure - SQL Managed Instance	Create a SQL Managed Instance Create at least one managed DB under it Create an alert rule on the SQL Managed Instance (not the lower level DB) for "Storage space used" Add an action to the alert rule Ensure target resource type is set Ensure target resource region is set Save changes
GCP - SQL	Database Creation Within GCP, go to the SQL service Create an instance Click on a database engine Enter an Instance ID Set a password for the root user Select a Region Select any Zone Click on "Show Configuration Options" under "Customize your instance" Click to open "Machine type" Select a machine size Click to open "Backups" Make sure "Automate backups" is checked Set other settings as desired Click on Create button Alert Creation Navigate to the GCP Monitoring service On the left menu click on "Alerting" Click on "Create policy" button On the "Create alerting policy" form click on Add Condition In the "Find resource type and metric" Search for SQL Click on Disk utilization Set a resource type: Cloud SQL Database Metric: Disk utilization For steps 5-8, by default the GCP Alert UI may only show "Active" metrics, and you may need to turn that toggle off to see the required option In the configuration add a value for Threshold: 70 70 is an illustrative example; choose a value that makes sense for your setup Click the ADD button Under Alert Details, assign an active Notification Channel (any except mobile cloud console will work) Click on Next button Enter an Alert name Click on Save button