Rule: RDS DB Instance Multiple AZ Should Be Enabled
This rule ensures that RDS DB instances are enabled in multiple availability zones for improved reliability.
| Rule | RDS DB instance multiple az should be enabled |
| Framework | NIST 800-53 Revision 5 |
| Severity | ✔ Low |
Rule Description
The RDS DB Instance Multiple AZ feature should be enabled to comply with NIST 800-53 Revision 5. This rule ensures that the Amazon RDS (Relational Database Service) database instances have high availability and resilience to ensure business continuity and data preservation in the event of a failure or disaster.
Enabling multiple Availability Zone (AZ) deployment for your RDS DB instances creates a standby replica of your primary database in a different physical location. This replica will automatically take over if the primary database fails, providing seamless continuity of database operations.
Troubleshooting Steps
If you encounter any issues or are unsure if the RDS DB instance multiple AZ feature is enabled, follow these troubleshooting steps:
- 1.
Check RDS Console: Log in to the AWS Management Console and navigate to the RDS service. Ensure you have the necessary permissions to access and modify RDS instances.
- 2.
Select DB Instance: Identify the specific RDS DB instance for which you want to verify the multiple AZ setting.
- 3.
Check Availability Zone Configuration: In the RDS console, view the details of the selected DB instance. Look for the "Availability Zone" section and verify if it is enabled for multiple AZs.
- 4.
Verify Multi-AZ Deployment: Confirm if the "Multi-AZ deployment" option is set to "Yes." This indicates that the RDS DB instance is already configured for multiple AZs. If it is set to "No," proceed to the next step.
- 5.
Enable Multiple AZs: If the multi-AZ deployment is not enabled, select the DB instance and click on "Modify" to change the configuration.
- 6.
Modify DB Instance Settings: In the Modify DB Instance page, locate the "Multi-AZ deployment" option and set it to "Yes."
- 7.
Review and Apply Changes: Ensure all other configurations are correct, and review the modifications. Once verified, click on "Apply immediately" to enable the multi-AZ deployment.
- 8.
Monitor Status: After applying the changes, monitor the RDS console to confirm that the modification completed successfully. The DB instance status should reflect "modifying" for a short period, followed by "available."
Necessary Codes
No specific codes are required for enabling the multiple AZ configuration. The changes can be made directly through the AWS Management Console as described in the troubleshooting steps.
Step-by-Step Guide for Remediation
To enable multiple Availability Zone deployment for an RDS DB instance, follow these steps:
- 1.
Log in to the AWS Management Console.
- 2.
Navigate to the RDS service.
- 3.
Identify the specific RDS DB instance that needs to enable multiple AZ deployment.
- 4.
Check if the DB instance is already configured for multi-AZ deployment by verifying the "Multi-AZ deployment" option set to "Yes" in the RDS console. If already enabled, no further action is needed.
- 5.
If the multi-AZ deployment is not enabled, select the DB instance.
- 6.
Click on "Modify" to update the configuration.
- 7.
In the Modify DB Instance page, locate the "Multi-AZ deployment" option and set it to "Yes."
- 8.
Review and verify any other configuration settings if needed.
- 9.
Once verified, click on "Apply immediately" to apply the changes.
- 10.
Monitor the RDS console to observe the modification progress. The DB instance status will change to "modifying" during the update process.
- 11.
After a short period, the DB instance status will change to "available" once the modification is completed.
By following these steps, you can successfully enable multiple AZ deployment for an RDS DB instance to comply with the NIST 800-53 Revision 5 requirements.