Control: 5 RDS DB instances should be configured with multiple Availability Zones
Description
This control checks whether high availability is enabled for your RDS DB instances.
RDS DB instances should be configured for multiple Availability Zones (AZs). This ensures the availability of the data stored. Multi-AZ deployments allow for automated failover if there is an issue with Availability Zone availability and during regular RDS maintenance.
Remediation
To remediate this issue, update your DB instances to enable multiple Availability Zones.
To enable multiple Availability Zones for a DB instance
- Open the Amazon RDS console.
- In the navigation pane, choose Databases, and then choose the DB instance that you want to modify.
- Choose Modify. The Modify DB Instance page appears.
- Under Instance Specifications, set Multi-AZ deployment to Yes.
- Choose Continue and then check the summary of modifications.
- (Optional) Choose Apply immediately to apply the changes immediately. Choosing this option can cause an outage in some cases. For more information, see Using the Apply Immediately setting.
- On the confirmation page, review your changes. If they are correct, choose Modify DB Instance to save your changes.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_rds_5
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_rds_5 --share
SQL
This control uses a named query:
select
  arn as resource,
  case
    when engine ilike any (array ['%aurora-mysql%', '%aurora-postgres%']) then 'skip'
    when multi_az then 'ok'
    else 'alarm'
  end as status,
  case
    when engine ilike any (array ['%aurora-mysql%', '%aurora-postgres%']) then title || ' cluster instance.'
    when multi_az then title || ' Multi-AZ enabled.'
    else title || ' Multi-AZ disabled.'
  end as reason,
  region,
  account_id
from
  aws_rds_db_instance;
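The query's skip/ok/alarm logic and the console remediation above can be tied together in a script. The following is an added example, not part of the original page or of the Powerpipe mod: it applies the same classification to a constructed DescribeDBInstances-shaped response and builds ModifyDBInstance parameters for each instance in alarm. It assumes `title` corresponds to the DB instance identifier; the instance names, ARNs and account ID are constructed.

```python
import json

# Constructed sample shaped like an RDS DescribeDBInstances response (not real data).
SAMPLE_RESPONSE = json.loads("""{"DBInstances": [
 {"DBInstanceIdentifier": "orders-db", "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:orders-db", "Engine": "postgres", "MultiAZ": false},
 {"DBInstanceIdentifier": "billing-db", "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:billing-db", "Engine": "mysql", "MultiAZ": true},
 {"DBInstanceIdentifier": "app-aurora-1", "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:app-aurora-1", "Engine": "aurora-postgresql", "MultiAZ": false},
 {"DBInstanceIdentifier": "web-aurora-1", "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:web-aurora-1", "Engine": "aurora-mysql", "MultiAZ": false}
]}""")

# Engine substrings the control's query skips (case-insensitive, like ILIKE).
AURORA_MARKERS = ("aurora-mysql", "aurora-postgres")

def classify(instance):
    """Mirror the query's CASE: skip Aurora, ok if Multi-AZ, otherwise alarm."""
    engine = (instance.get("Engine") or "").lower()
    name = instance["DBInstanceIdentifier"]  # assumed equivalent of `title`
    if any(marker in engine for marker in AURORA_MARKERS):
        return "skip", f"{name} cluster instance."
    if instance.get("MultiAZ"):
        return "ok", f"{name} Multi-AZ enabled."
    return "alarm", f"{name} Multi-AZ disabled."

def remediation_plan(response, apply_immediately=False):
    """Build ModifyDBInstance parameters for every instance in alarm."""
    plan = []
    for inst in response["DBInstances"]:
        status, _ = classify(inst)
        if status == "alarm":
            plan.append({
                "DBInstanceIdentifier": inst["DBInstanceIdentifier"],
                "MultiAZ": True,
                "ApplyImmediately": apply_immediately,  # False waits for the maintenance window
            })
    return plan

def apply_plan(rds_client, plan):
    """Send each planned change; rds_client is a boto3 RDS client, e.g. boto3.client('rds')."""
    for params in plan:
        rds_client.modify_db_instance(**params)

if __name__ == "__main__":
    for inst in SAMPLE_RESPONSE["DBInstances"]:
        print(inst["DBInstanceArn"], *classify(inst))
    print(remediation_plan(SAMPLE_RESPONSE))
```

Review the output of `remediation_plan` before passing it to `apply_plan`, and re-run the control afterwards to confirm the instances report ok.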