Rule: RDS DB Instance Multiple AZ Should Be Enabled

This rule ensures that RDS DB instances have multiple availability zones enabled for better redundancy.

Rule: RDS DB instance multiple az should be enabled
Framework: NIST 800-53 Revision 5
Severity: Low

Rule Description:

The rule requires enabling multiple Availability Zones (AZs) for Amazon RDS DB instances to meet the requirements of NIST 800-53 Revision 5. By configuring multi-AZ deployment, you increase the availability and durability of your database by automatically replicating data to a standby instance in a different AZ.

Troubleshooting Steps:

If you encounter any issues while enabling multiple AZs for your RDS DB instance, follow these troubleshooting steps:

  1. Verify VPC configuration: Ensure that your VPC has subnets in at least two different AZs. If not, create additional subnets in different AZs.
  2. Check subnet configuration: Ensure that the subnets you selected for your DB instance have the proper route tables and network ACLs configured to allow communication between AZs.
  3. Check RDS DB instance status: Make sure your RDS DB instance is in an available state. If it's not, troubleshoot any issue preventing the instance from being available.
  4. Review security group rules: Verify that the security group associated with your DB instance allows incoming and outgoing traffic between the AZs.
  5. Check IAM permissions: Ensure that you have the necessary permissions to modify the DB instance and the associated resources.

Necessary Codes:

There are no specific codes required to enable multiple AZs for an RDS DB instance. It can be done through the AWS Management Console or using CLI commands.

Step-by-Step Guide for Remediation:

Follow these steps to enable multiple AZs for your RDS DB instance:

  1. Open the AWS Management Console and navigate to the Amazon RDS service.
  2. Select the region where your RDS DB instance is located.
  3. Click on "Databases" in the left-hand menu and select the desired DB instance.
  4. In the "Details" tab, click on the "Modify" button.
  5. Scroll down to the "Availability & durability" section.
  6. Select the option for "Enable Multi-AZ deployment."
  7. Review the estimated monthly costs associated with enabling Multi-AZ.
  8. Click on "Continue."
  9. Review the summary of changes and ensure that everything is correct.
  10. Click on "Modify DB instance" to apply the changes.

After applying the changes, your RDS DB instance will be configured for multi-AZ deployment, complying with the NIST 800-53 Revision 5 requirement.

Note: The modification process may cause a brief interruption in the availability of your DB instance, as it will be automatically failed over to the standby instance during the process.

CLI Command for Remediation:

If you prefer using CLI commands to enable multi-AZ deployment, you can follow these steps:

  1. Open the AWS CLI or any command-line interface that has the AWS CLI configured.
  2. Execute the following command to modify the DB instance with multi-AZ deployment:

     aws rds modify-db-instance --db-instance-identifier <DB_INSTANCE_IDENTIFIER> --multi-az

     Replace <DB_INSTANCE_IDENTIFIER> with the actual identifier of your RDS DB instance.
  3. Wait for the command to complete and verify that the modification was successful.

By following these steps, you will successfully enable multi-AZ deployment for your RDS DB instance, meeting the requirements of NIST 800-53 Revision 5.
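To audit this rule across an account before remediating, the following added script (not part of the original page or of the Cloud Defense product) reads the JSON that `aws rds describe-db-instances` prints, lists the instances that violate the rule, and builds the modify-db-instance command from the guide for each one. The sample JSON is constructed for the example; it assumes the stdlib only, and it skips Aurora instances, whose redundancy is a cluster-level setting rather than the instance `--multi-az` flag.

```python
import json
import shlex

# Constructed sample of `aws rds describe-db-instances` output (not real data):
# one compliant instance, one violation, one with the change already pending,
# and one Aurora instance that the instance-level flag does not apply to.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
         "DBInstanceStatus": "available", "MultiAZ": True, "PendingModifiedValues": {}},
        {"DBInstanceIdentifier": "billing-prod", "Engine": "mysql",
         "DBInstanceStatus": "available", "MultiAZ": False, "PendingModifiedValues": {}},
        {"DBInstanceIdentifier": "reports-prod", "Engine": "mysql",
         "DBInstanceStatus": "available", "MultiAZ": False,
         "PendingModifiedValues": {"MultiAZ": True}},
        {"DBInstanceIdentifier": "analytics-1", "Engine": "aurora-mysql",
         "DBInstanceStatus": "available", "MultiAZ": False, "PendingModifiedValues": {}},
    ]
})


def find_single_az_instances(describe_json):
    """Return identifiers of RDS DB instances that violate the rule.

    An instance whose Multi-AZ change is still in PendingModifiedValues is
    not reported again: the modification is queued for the next maintenance
    window and re-issuing the command would not speed it up.
    """
    violations = []
    for inst in json.loads(describe_json)["DBInstances"]:
        if inst["Engine"].startswith("aurora"):
            continue  # cluster-level redundancy; --multi-az is not the fix here
        if inst.get("MultiAZ"):
            continue  # already compliant
        if inst.get("PendingModifiedValues", {}).get("MultiAZ"):
            continue  # remediation already scheduled
        violations.append(inst["DBInstanceIdentifier"])
    return violations


def remediation_command(identifier, apply_immediately=False):
    """Build the CLI command from the guide as a shell-safe string.

    Without --apply-immediately the AWS CLI queues the change for the next
    maintenance window, so step 3 of the guide (verify) matters either way.
    """
    argv = ["aws", "rds", "modify-db-instance",
            "--db-instance-identifier", identifier, "--multi-az"]
    if apply_immediately:
        argv.append("--apply-immediately")
    return shlex.join(argv)


if __name__ == "__main__":
    for db in find_single_az_instances(SAMPLE_DESCRIBE_OUTPUT):
        print(remediation_command(db, apply_immediately=True))
```

Pipe real output in with `aws rds describe-db-instances --output json` in place of the sample, and confirm afterwards that `MultiAZ` reads `true` on each remediated instance.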
