Rule: RDS DB Instance Multiple AZ Should Be Enabled
This rule ensures that RDS DB instances have multiple availability zones enabled for better fault tolerance.
| Rule | RDS DB instance multiple az should be enabled |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ Low |
Rule Description
To align with the NIST Cybersecurity Framework (CSF) v1, it is recommended to enable Multi-AZ deployment for RDS (Relational Database Service) DB instances in order to enhance availability and reliability.
When Multi-AZ is enabled, RDS automatically replicates your primary database to a standby database in a different Availability Zone (AZ) within the same region. This ensures that in the event of an infrastructure failure, Amazon Web Services (AWS) can automatically failover to the standby database without any manual intervention, thus minimizing downtime and improving fault tolerance.
Troubleshooting Steps (if applicable)
If Multi-AZ is not enabled for your RDS DB instance, follow the steps below to enable it:
- 1.Identify the RDS DB instance for which you want to enable Multi-AZ.
- 2.Log in to the AWS Management Console.
- 3.Go to the Amazon RDS service.
- 4.From the left-hand menu, select "Databases" to view all your RDS instances.
- 5.Find the specific DB instance and click on its name to go to its details page.
- 6.In the "Deployment" section, click on the "Modify" button.
- 7.Under "Additional Configuration," find the "Multi-AZ deployment" option and check the box to enable it.
- 8.Review any other configuration options as needed.
- 9.Click on the "Continue" button.
- 10.Review the summary of changes and ensure that Multi-AZ deployment is included.
- 11.Click on the "Modify DB instance" button to apply the changes.
Note: Enabling Multi-AZ may incur additional costs, so make sure to review the pricing details before enabling it.
Necessary Codes (if applicable)
No specific codes are required in this case, as enabling Multi-AZ deployment is done through the AWS Management Console.
Step-by-step Guide for Remediation
Follow the steps below to remediate and enable Multi-AZ deployment for an RDS DB instance using the AWS Management Console:
- 1.Log in to the AWS Management Console.
- 2.Go to the Amazon RDS service.
- 3.From the left-hand menu, select "Databases" to view all your RDS instances.
- 4.Identify the DB instance for which you want to enable Multi-AZ and click on its name to go to its details page.
- 5.In the "Deployment" section, click on the "Modify" button.
- 6.Under "Additional Configuration," find the "Multi-AZ deployment" option and check the box to enable it.
- 7.Review any other configuration options as needed.
- 8.Click on the "Continue" button.
- 9.Review the summary of changes and ensure that Multi-AZ deployment is included.
- 10.Click on the "Modify DB instance" button to apply the changes.
- 11.Wait for the modification to complete. This may take a few minutes.
- 12.Once the modification is complete, AWS will automatically create a standby database in a different AZ within the same region.
- 13.Test failover by causing a failure in the primary AZ (e.g., manually shutting down instances in the AZ).
- 14.Monitor the failover process and ensure that the standby database takes over seamlessly.
- 15.Verify that your applications are functioning properly after the failover.
- 16.Consider enabling automated backups and monitoring to enhance the overall security and management of your RDS DB instance.
By following these steps, you have successfully enabled Multi-AZ deployment for your RDS DB instance, which aligns with the NIST Cybersecurity Framework (CSF) v1 recommendations.