Rule: RDS DB Instance Multiple AZ Should Be Enabled

This rule ensures that RDS DB instances have multiple AZ enabled for improved resilience and availability.

Rule: RDS DB instance multiple AZ should be enabled
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: Low

Rule Description:

The rule states that for Federal Financial Institutions Examination Council (FFIEC) compliance, the RDS (Relational Database Service) DB instance in AWS should have multiple Availability Zones (AZs) enabled. This means that the DB instance should be replicated across different AZs to ensure high availability and fault tolerance.

Enabling multiple AZs ensures that if one AZ becomes unavailable due to maintenance, outage, or any other reason, the DB instance can still remain operational by failing over to the replica in another AZ. This helps to minimize downtime and maintain the availability of the database for FFIEC compliance.

Troubleshooting Steps:

  1. Verify if the RDS DB instance is currently configured with multiple AZs enabled.
  2. Check if the DB instance is in a single AZ, indicating that it is not compliant with FFIEC requirements.
  3. Review the AWS CloudFormation, AWS CLI, or AWS Console configuration settings for the RDS DB instance to identify any misconfigurations.
  4. Review the associated RDS instance's AWS CloudFormation, AWS CLI, or AWS Console template to ensure that multi-AZ deployment is specified.
  5. Ensure that the DB instance is using a supported database engine that supports multi-AZ deployment (e.g., MySQL, Postgres, Oracle, etc.).

Remediation Steps:

To enable multiple AZs for the RDS DB instance:

  1. Log in to the AWS Management Console.
  2. Navigate to the Amazon RDS service.
  3. Select the appropriate region.
  4. Click on the RDS DB instance that needs to be modified.
  5. From the Actions dropdown menu, select "Modify."
  6. In the Modify DB Instance window, scroll down to the "Multi-AZ deployment" section.
  7. Check the checkbox to enable "Multi-AZ deployment."
  8. Review the other settings and modify any necessary parameters.
  9. Click on the "Continue" button.
  10. Review the summary of changes and click on the "Modify DB Instance" button to apply the changes.
  11. Wait for the modification process to complete. This may take a few minutes.
  12. Once the modification is complete, verify that the RDS DB instance now has multi-AZ deployment enabled.

Please note that enabling multi-AZ deployment may incur additional costs. Make sure to review the pricing details before applying any changes.
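The compliance check from the troubleshooting steps and the final verification step can be scripted against the JSON that `aws rds describe-db-instances` returns. The following is an added example, not part of the original rule or Cloud Defense's own code; the instance identifiers are constructed, the function names are hypothetical, and deferring the change to the maintenance window (`--no-apply-immediately`) is an assumption.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` output
# (identifiers are made up; only the fields the check reads are included).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "ledger-prod", "Engine": "postgres",
   "MultiAZ": true, "AvailabilityZone": "us-east-1a",
   "SecondaryAvailabilityZone": "us-east-1b"},
  {"DBInstanceIdentifier": "reports-db", "Engine": "mysql",
   "MultiAZ": false, "AvailabilityZone": "us-east-1a"},
  {"DBInstanceIdentifier": "aurora-node-1", "Engine": "aurora-mysql",
   "MultiAZ": false, "AvailabilityZone": "us-east-1c",
   "DBClusterIdentifier": "aurora-main"}
]}
""")


def audit_multi_az(response):
    """Classify each instance as compliant, noncompliant or cluster_managed."""
    findings = {"compliant": [], "noncompliant": [], "cluster_managed": []}
    for db in response.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        if db.get("DBClusterIdentifier"):
            # Cluster members (e.g. Aurora) get their AZ placement from the
            # cluster, so the instance-level flag is not the right signal.
            findings["cluster_managed"].append(name)
        elif db.get("MultiAZ") is True:
            findings["compliant"].append(name)
        else:
            # A missing or false MultiAZ flag is a failure (fail closed).
            findings["noncompliant"].append(name)
    return findings


def remediation_command(name):
    """CLI equivalent of the console steps, deferred to the maintenance window."""
    return ("aws rds modify-db-instance --db-instance-identifier "
            f"{shlex.quote(name)} --multi-az --no-apply-immediately")


if __name__ == "__main__":
    result = audit_multi_az(SAMPLE)
    for state, names in result.items():
        print(f"{state}: {', '.join(names) or '-'}")
    for name in result["noncompliant"]:
        print(remediation_command(name))
```

Instances reported as `cluster_managed` need their availability reviewed at the cluster level rather than through the per-instance Multi-AZ setting.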

Additional Information:

  • Enabling multi-AZ deployment ensures that the DB instance has a standby replica in a different AZ to provide redundancy and failover capabilities.
  • This configuration helps meet FFIEC compliance requirements by minimizing downtime and ensuring high availability of the RDS DB instance for Federal Financial Institutions.
  • It is recommended to regularly test the failover process to validate the effectiveness of the multi-AZ deployment.
