Rule: RDS DB Instance Multiple AZ Should be Enabled
This rule ensures that RDS DB instance is configured to use multiple availability zones for high availability.
| Rule | RDS DB instance multiple az should be enabled |
| Framework | NIST 800-53 Revision 4 |
| Severity | ✔ Low |
RDS DB Instance Multiple AZ Configuration for NIST 800-53 Revision 4
Rule/Policy Description
To adhere to the security requirements specified in NIST 800-53 Revision 4, it is recommended to enable Multiple Availability Zone (AZ) configuration for the RDS (Relational Database Service) DB instance. This configuration enhances the availability and durability of the DB instance by automatically synchronously replicating data to a standby replica in a different Availability Zone within the same region.
Troubleshooting Steps (if applicable)
If you encounter any issues while enabling Multiple AZ configuration for your RDS DB instance, consider the following troubleshooting steps:
- 1.Ensure that your AWS account has sufficient permissions to modify the DB instance configurations.
- 2.Verify that your RDS DB instance is located within a region that supports Multiple AZ deployment. Some regions may not offer this feature.
- 3.Check if your account has available resources, as enabling Multiple AZ may require additional storage and compute capacity.
- 4.Confirm that your RDS instance is using a supported database engine that allows for Multiple AZ configuration.
- 5.Review your VPC (Virtual Private Cloud) setup and ensure proper network connectivity between the Availability Zones.
- 6.If you encounter any error messages, consult the AWS documentation or reach out to AWS Support for further assistance.
Necessary Codes (if applicable)
To enable Multiple AZ configuration for your RDS DB instance, you can use the AWS Command Line Interface (AWS CLI) or AWS Management Console. Here is an example using AWS CLI:
aws rds modify-db-instance --db-instance-identifier <instance-identifier> --multi-az
Replace
<instance-identifier>Step-by-Step Guide for Remediation
Follow these steps to enable Multiple AZ configuration for your RDS DB instance:
- 1.Step 1: Log in to your AWS Management Console.
- 2.Step 2: Navigate to the Amazon RDS service.
- 3.Step 3: Choose the region where your RDS DB instance is located.
- 4.Step 4: Select the RDS DB instance that you want to modify.
- 5.Step 5: Click on the "Modify" option in the top menu.
- 6.Step 6: Scroll down to the "High Availability" section.
- 7.Step 7: Check the box for "Enable Multi-AZ" configuration.
- 8.Step 8: Review the configuration changes.
- 9.Step 9: Click on the "Apply Immediately" option if you want the changes to take effect immediately.
- 10.Step 10: Click on the "Modify DB Instance" button to save the changes.
After following these steps, AWS will start the process of creating a standby replica of your RDS DB instance in a different Availability Zone. The process may take some time depending on the size of your database. Once the configuration is completed, your RDS DB instance will be running in Multiple AZs, providing better resilience against zone-level failures.
Always monitor your RDS instance to ensure that replication and failover are working as expected. Regularly test failover scenarios to verify the availability of your Multi-AZ setup.
Remember to review and update your overall security controls to align with the NIST 800-53 guidelines in other aspects of your AWS infrastructure as well.