This rule ensures RDS DB instances are configured to run in multiple availability zones for high availability.
Rule | RDS DB instance multiple az should be enabled |
Framework | NIST 800-171 Revision 2 |
Severity | ✔ Low |
NIST 800-171 Revision 2: RDS DB Instance Multiple AZ Enabled
Description
Enabling multiple Availability Zones (AZ) for an Amazon RDS (Relational Database Service) DB instance is a requirement of NIST (National Institute of Standards and Technology) 800-171 Revision 2. This rule ensures high availability and fault tolerance for the database by replicating the data across separate Availability Zones, which are physically distinct locations within the selected region.
Troubleshooting Steps
If the multiple AZ configuration is not enabled, follow the steps below for remediation:
Identify the RDS DB instance: Determine the specific RDS DB instance for which the multiple AZ configuration needs to be enabled.
Backup the RDS DB instance: Before making any changes, it is recommended to create a backup of the RDS DB instance to avoid any data loss.
Open the Amazon RDS console: Log in to the AWS Management Console and navigate to the Amazon RDS service.
Select the RDS DB instance: Locate the RDS DB instance that requires multiple AZ configuration and select it.
Modify the instance: From the "Actions" menu, select "Modify."
Enable Multi-AZ: In the "Modify DB Instance" page, navigate to the "Availability & durability" section and select the option for "Multi-AZ deployment."
Apply the changes: Review the modifications and click on "Apply immediately" to apply the changes without any downtime.
Confirm the status: Wait for the modifications to complete and check that the RDS DB instance is now utilizing multiple AZs.
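The identification and confirmation steps above can be checked from the JSON that `aws rds describe-db-instances` returns. The following is an added example, not part of the original rule text; the sample data is constructed, and reporting cluster members (for example Aurora) separately is an assumption of this example.

```python
import json
import shlex

# Constructed sample in the shape returned by `aws rds describe-db-instances`
# (only the fields this check reads; all identifiers are made up).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "Engine": "postgres",
   "DBInstanceStatus": "available", "MultiAZ": true,
   "PendingModifiedValues": {}},
  {"DBInstanceIdentifier": "billing-db", "Engine": "mysql",
   "DBInstanceStatus": "modifying", "MultiAZ": false,
   "PendingModifiedValues": {"MultiAZ": true}},
  {"DBInstanceIdentifier": "reports-db", "Engine": "mysql",
   "DBInstanceStatus": "available", "MultiAZ": false,
   "PendingModifiedValues": {}},
  {"DBInstanceIdentifier": "catalog-1", "Engine": "aurora-mysql",
   "DBInstanceStatus": "available", "MultiAZ": false,
   "DBClusterIdentifier": "catalog", "PendingModifiedValues": {}}
]}
""")

def classify(instance):
    """Return one of: compliant, pending, cluster-member, non-compliant."""
    if instance.get("MultiAZ"):
        return "compliant"
    # A requested change that has not finished yet is listed here.
    if instance.get("PendingModifiedValues", {}).get("MultiAZ"):
        return "pending"
    # Assumption of this example: cluster members get their availability
    # from the cluster configuration, so they are reported separately.
    if instance.get("DBClusterIdentifier"):
        return "cluster-member"
    return "non-compliant"

def audit(describe_output):
    """Map each DB instance identifier to its Multi-AZ state."""
    return {i["DBInstanceIdentifier"]: classify(i)
            for i in describe_output.get("DBInstances", [])}

def remediation_commands(describe_output):
    """Build the modify-db-instance command for each non-compliant instance."""
    return ["aws rds modify-db-instance --db-instance-identifier "
            f"{shlex.quote(name)} --multi-az --apply-immediately"
            for name, state in audit(describe_output).items()
            if state == "non-compliant"]

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name:12} {state}")
    print("\n".join(remediation_commands(SAMPLE)))
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws rds describe-db-instances --output json`.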
Necessary Code
No code is required to enable multiple AZs for an RDS DB instance since the configuration is done through the AWS Management Console. However, the AWS CLI (Command Line Interface) command below can be used if you prefer CLI-based configuration:
# Modify the RDS DB instance to enable Multi-AZ deployment
aws rds modify-db-instance \
    --db-instance-identifier <db-instance-id> \
    --multi-az \
    --apply-immediately
Replace <db-instance-id> with the actual identifier of the RDS DB instance.
Conclusion
Enabling multiple AZs for an RDS DB instance ensures that your database is highly available and fault-tolerant. Following the provided troubleshooting steps or using the CLI command, you can successfully configure your RDS DB instance to comply with NIST 800-171 Revision 2 requirements.