Rule: RDS DB Instance Multiple AZ Should Be Enabled

This rule ensures that multiple Availability Zones (Multi-AZ) are enabled for RDS DB instances.

Rule: RDS DB instance multiple az should be enabled
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: Low

Enabling Multi-AZ Deployments for RDS Instances for FFIEC Compliance

Multi-AZ (Availability Zone) deployments for Amazon Relational Database Service (RDS) instances are essential for meeting the resiliency and high availability requirements set forth by the Federal Financial Institutions Examination Council (FFIEC). Compliance with FFIEC standards implies that financial institutions must have robust disaster recovery and business continuity plans, which include maintaining high availability of critical databases.

Description of the Rule

Multi-AZ deployment involves running a primary RDS instance in one Availability Zone and maintaining a synchronous standby instance in a different, geographically distinct Availability Zone. If the primary RDS instance fails, RDS automatically fails over to the standby, minimizing downtime and ensuring continuity of operations.

Benefits of Multi-AZ

  • Increased availability
  • Automated failover
  • Data resilience and durability

FFIEC Compliance

  • Fulfilling business continuity requirements
  • Implementing disaster recovery protocols

Troubleshooting Steps

If an RDS instance is not currently configured for Multi-AZ deployment, follow these troubleshooting steps:

  1. Check the DB instance's current configuration.
  2. Determine if there are any resource limitations preventing Multi-AZ deployment.
  3. Assess the impact on performance and cost.

Remediation Steps

To remediate and enable Multi-AZ support for an existing RDS DB instance, follow these steps:

Step-by-Step Guide

  1. Log into the AWS Management Console: Ensure you have the necessary permissions to modify RDS instances.

  2. Navigate to the RDS Dashboard: Click on 'Services' and then choose 'RDS' to open the RDS dashboard.

  3. Select the DB Instance: Choose the DB instance that requires Multi-AZ enablement.

  4. Modify the DB Instance: Click on the 'Modify' button.

  5. Enable Multi-AZ Deployment: Scroll to the 'Multi-AZ deployment' option and select 'Yes'.

  6. Apply Changes Immediately or During Maintenance Window: Decide whether to apply changes immediately or during your next maintenance window.

  7. Review and Modify Additional Settings (optional): Review other settings like instance class, storage, or maintenance settings if needed.

  8. Click on 'Continue' and 'Modify DB Instance': After reviewing the changes, click 'Continue' and then 'Modify DB Instance' to start the deployment.

AWS CLI Command

Alternatively, you can enable Multi-AZ using the AWS Command Line Interface (CLI). Here is the necessary CLI command to modify an RDS instance to become Multi-AZ:

aws rds modify-db-instance \
    --db-instance-identifier <your-db-instance-identifier> \
    --multi-az \
    --apply-immediately

Replace <your-db-instance-identifier> with the actual RDS instance identifier.
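
To see which instances still need the change, including ones where it is queued for the maintenance window rather than applied, the following added example (not CloudDefense's or AWS's own code) classifies the JSON produced by `aws rds describe-db-instances --output json`. The instance identifiers in the sample are constructed, and `classify` and `audit` are names chosen for this illustration.

```python
import json
import sys

# Constructed sample in the shape of `aws rds describe-db-instances --output json`.
# The identifiers are made up for illustration.
SAMPLE = json.dumps({"DBInstances": [
    {"DBInstanceIdentifier": "ledger-prod", "MultiAZ": True,
     "PendingModifiedValues": {}},
    {"DBInstanceIdentifier": "payments-prod", "MultiAZ": False,
     "PendingModifiedValues": {"MultiAZ": True}},
    {"DBInstanceIdentifier": "reports-dev", "MultiAZ": False,
     "PendingModifiedValues": {}},
]})


def classify(instance):
    """Return COMPLIANT, PENDING or NON_COMPLIANT for one DBInstances entry."""
    if instance.get("MultiAZ") is True:
        return "COMPLIANT"
    # A modify call made without --apply-immediately is queued until the
    # maintenance window and is reported under PendingModifiedValues.
    pending = instance.get("PendingModifiedValues") or {}
    if pending.get("MultiAZ") is True:
        return "PENDING"
    return "NON_COMPLIANT"


def audit(describe_output):
    """Map each DB instance identifier to its Multi-AZ status."""
    doc = json.loads(describe_output)
    instances = doc.get("DBInstances")
    if not isinstance(instances, list):
        raise ValueError("input has no DBInstances list")
    return {i["DBInstanceIdentifier"]: classify(i) for i in instances}


def main():
    # Read CLI output from a pipe, or fall back to the constructed sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    results = audit(raw)
    for name, status in sorted(results.items()):
        print(f"{status:14} {name}")
    # A non-zero exit lets a scheduled job or pipeline flag the finding.
    return 1 if "NON_COMPLIANT" in results.values() else 0


if __name__ == "__main__":
    sys.exit(main())
```

Pipe the CLI output into the script to audit a real account; an instance reported as PENDING becomes COMPLIANT once the queued modification is applied.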

Considerations

  • Enabling Multi-AZ may incur higher costs due to the additional resources required.
  • There may be a brief period of connectivity loss during the Multi-AZ deployment process.

By implementing Multi-AZ deployments for critical databases, financial institutions can effectively meet FFIEC guidelines, ensuring their RDS instances are resilient to failures and providing the necessary high availability for financial operations.
