This rule ensures RDS DB instances have multiple Availability Zone support enabled for fault tolerance and high availability.
Rule | RDS DB instance multiple az should be enabled |
Framework | NIST Cybersecurity Framework (CSF) v1.1 |
Severity | ✔ Low |
Rule Description
Enabling multiple Availability Zones (AZs) for an Amazon RDS DB instance is a recommended best practice under the NIST Cybersecurity Framework (CSF) v1. The rule targets availability: it improves the resilience and disaster recovery capabilities of your RDS instances.
Multiple AZ deployment means that your RDS DB instance will be replicated across multiple AWS Availability Zones, ensuring that if one AZ becomes unavailable, your database can still remain operational by automatically failing over to a healthy AZ.
Troubleshooting Steps
Step 1: Verify RDS DB instance availability zones
Step 2: Check if multiple AZs are enabled
Step 3: Enable multiple AZs
If the "Multi-AZ" value is set to "No", follow these steps to enable multiple AZs:
Necessary Codes
No specific code snippets are required for enabling multiple Availability Zones for an RDS DB instance as it can be done directly through the AWS Management Console.
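The console covers a single instance; to audit many instances, the same Multi-AZ check can be scripted. The following is an added example, not part of the original rule page: it evaluates a constructed `DescribeDBInstances` response and builds the AWS CLI commands that would enable Multi-AZ on failing instances. The instance names are made up, and skipping DB cluster members is an assumption of this example.

```python
import json

# Constructed sample shaped like the output of `aws rds describe-db-instances`
# (RDS DescribeDBInstances API). All identifiers are made up for illustration.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres", "MultiAZ": true,
   "AvailabilityZone": "us-east-1a", "SecondaryAvailabilityZone": "us-east-1b"},
  {"DBInstanceIdentifier": "billing-prod", "Engine": "mysql", "MultiAZ": false,
   "AvailabilityZone": "us-east-1a"},
  {"DBInstanceIdentifier": "billing-replica", "Engine": "mysql", "MultiAZ": false,
   "AvailabilityZone": "us-east-1c", "ReadReplicaSourceDBInstanceIdentifier": "billing-prod"},
  {"DBInstanceIdentifier": "catalog-aurora-1", "Engine": "aurora-mysql", "MultiAZ": false,
   "AvailabilityZone": "us-east-1b", "DBClusterIdentifier": "catalog"}
]}
""")

def classify(instance):
    """Return (status, reason) for one DescribeDBInstances record."""
    if instance.get("DBClusterIdentifier"):
        # Assumption: cluster members (e.g. Aurora) get their availability from
        # the cluster's instance placement, so the per-instance flag is skipped.
        return "SKIPPED", "cluster member; review at the DB cluster level"
    if instance.get("MultiAZ") is True:
        return "PASS", "standby in " + instance.get("SecondaryAvailabilityZone", "another AZ")
    if instance.get("ReadReplicaSourceDBInstanceIdentifier"):
        return "FAIL", "read replica without its own standby"
    return "FAIL", "single-AZ instance"  # also covers a missing MultiAZ field

def audit(response):
    """Map each instance identifier to its (status, reason) finding."""
    return {i["DBInstanceIdentifier"]: classify(i) for i in response.get("DBInstances", [])}

def remediation_commands(findings):
    """AWS CLI commands that enable Multi-AZ on every failing instance."""
    # --no-apply-immediately defers the change to the next maintenance window.
    return [
        f"aws rds modify-db-instance --db-instance-identifier {name} --multi-az --no-apply-immediately"
        for name, (status, _) in sorted(findings.items()) if status == "FAIL"
    ]

if __name__ == "__main__":
    results = audit(SAMPLE)
    for name, (status, reason) in results.items():
        print(f"{status:8} {name}: {reason}")
    print("\n".join(remediation_commands(results)))
```

To run it against a real account, replace `SAMPLE` with the JSON printed by `aws rds describe-db-instances`.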
Remediation Steps
To enable multiple Availability Zones for an RDS DB instance, follow these steps:
Additional Information
Enabling multiple Availability Zones for your RDS DB instance offers increased fault tolerance and disaster recovery capabilities. This setup ensures that your database remains highly available even if an entire AWS Availability Zone becomes unavailable due to infrastructure failures, natural disasters, or other unforeseen circumstances. It is recommended to have multiple AZs enabled for critical production databases to minimize downtime and provide seamless failover capabilities.