This rule ensures that RDS DB instances are configured to run in multiple Availability Zones for enhanced fault tolerance.
Rule | RDS DB instance multiple az should be enabled |
Framework | NIST Cybersecurity Framework (CSF) v1.1 |
Severity | ✔ Low |
Rule Description
The NIST Cybersecurity Framework (CSF) v1 requires enabling the use of multiple Availability Zones (AZs) for Amazon RDS DB instances. This ensures high availability and fault tolerance by distributing the database across different physical locations within a region.
Steps to Enable Multiple AZs for RDS DB Instance
Follow the steps below to enable multiple AZs for your Amazon RDS DB instance:
Step 1: Sign in to the AWS Management Console
Sign in to the AWS Management Console using your account credentials.
Step 2: Open Amazon RDS service
Navigate to the Amazon RDS service by searching for "RDS" in the console search bar and selecting the "Amazon RDS" option.
Step 3: Select the DB instance
From the Amazon RDS dashboard, select the DB instance for which you want to enable multiple AZs.
Step 4: Modify the DB instance
Click on the "Actions" button and select "Modify" from the dropdown menu.
Step 5: Enable multiple AZs
Scroll down to the "Settings" section of the modification page and locate the "Availability & durability" section, then enable the Multi-AZ deployment option there.
Step 6: Apply changes
Review the other configuration parameters if necessary, and click on the "Continue" button.
Step 7: Confirm the modifications
Review the summary of the modifications on the confirmation page and ensure that the changes align with your requirements.
Click on the "Modify DB Instance" button to apply the changes.
Step 8: Wait for modification completion
The modification process may take some time to complete. Wait for the modification status to change to "Available."
Step 9: Verify multi-AZ deployment
Once the modification is complete, validate that the DB instance is now deployed in multiple AZs.
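The Step 9 check can also be scripted across every instance instead of one at a time in the console. The following is an added example, not part of the original rule text or AWS's own code. It assumes the boto3 `describe_db_instances` response fields `MultiAZ`, `DBInstanceStatus`, `PendingModifiedValues` and `DBClusterIdentifier`; the sample data and verdict labels are constructed, and treating cluster members as out of scope is an assumption of this example.

```python
# Constructed sample shaped like an rds.describe_db_instances() response.
SAMPLE_RESPONSE = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-db", "Engine": "postgres",
     "DBInstanceStatus": "available", "MultiAZ": True},
    {"DBInstanceIdentifier": "billing-db", "Engine": "mysql",
     "DBInstanceStatus": "available", "MultiAZ": False},
    {"DBInstanceIdentifier": "reports-db", "Engine": "mysql",
     "DBInstanceStatus": "available", "MultiAZ": False,
     "PendingModifiedValues": {"MultiAZ": True}},
    {"DBInstanceIdentifier": "search-1", "Engine": "aurora-postgresql",
     "DBInstanceStatus": "available", "MultiAZ": False,
     "DBClusterIdentifier": "search-cluster"},
]}


def evaluate(response):
    """Return {instance_id: verdict} for every instance in the response."""
    verdicts = {}
    for db in response.get("DBInstances", []):
        ident = db["DBInstanceIdentifier"]
        pending = db.get("PendingModifiedValues") or {}
        if db.get("DBClusterIdentifier"):
            # Assumption: cluster members have availability configured at
            # the cluster level, so the instance flag is not evaluated here.
            verdicts[ident] = "SKIPPED_CLUSTER_MEMBER"
        elif db.get("MultiAZ"):
            verdicts[ident] = "COMPLIANT"
        elif pending.get("MultiAZ") or db.get("DBInstanceStatus") == "modifying":
            # Step 8: the change is queued or in flight; re-check later.
            verdicts[ident] = "PENDING"
        else:
            verdicts[ident] = "NON_COMPLIANT"
    return verdicts


def audit_region(region):
    """Live check: page through every instance in one region (needs boto3)."""
    import boto3  # imported lazily so evaluate() works offline
    rds = boto3.client("rds", region_name=region)
    verdicts = {}
    for page in rds.get_paginator("describe_db_instances").paginate():
        verdicts.update(evaluate(page))
    return verdicts


if __name__ == "__main__":
    for name, verdict in evaluate(SAMPLE_RESPONSE).items():
        print(f"{name}: {verdict}")
```

A `PENDING` verdict also covers a modification that was saved but is waiting for the maintenance window, which the console status "Available" alone does not reveal.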
Troubleshooting Steps
If you encounter any issues while enabling multiple AZs for your RDS DB instance, follow these troubleshooting steps:
Insufficient permissions: Ensure that you have the necessary permissions to modify the DB instance. Check your IAM policies and roles to verify the required privileges.
Unsupported DB engine: Confirm that your selected DB engine supports a Multi-AZ deployment. Not all RDS DB engines are compatible with this feature.
Insufficient resource quota: Ensure that you have sufficient resource quota in your AWS account to enable Multi-AZ deployment. Check your account limits and request a quota increase if needed.
Incompatible configuration: Review the current configuration of your DB instance to identify any incompatible settings that might prevent Multi-AZ deployment. For example, if you are using read replicas or cross-region replicas, you may need to remove these configurations before enabling Multi-AZ.
If the above troubleshooting steps do not resolve the issue, consult the AWS documentation or contact AWS Support for further assistance.
Additional Information
Enabling multiple AZs for your RDS DB instance enhances resilience and availability by automatically replicating the database to a standby instance in a different AZ. In the event of a failure or maintenance event, Amazon RDS automatically fails over to the standby instance, minimizing downtime and ensuring data durability.