Control: 13 DMS replication instances should be configured to use multiple Availability Zones
Description
This control checks whether an AWS Database Migration Service (AWS DMS) replication instance is configured to use multiple Availability Zones (Multi-AZ deployment). The control fails if the AWS DMS replication instance isn't configured to use a Multi-AZ deployment.
In a Multi-AZ deployment, AWS DMS automatically provisions and maintains a standby replica of a replication instance in a different Availability Zone (AZ). The primary replication instance is then synchronously replicated to the standby replica. If the primary replication instance fails or becomes unresponsive, the standby resumes any running tasks with minimal interruption. For more information, see Working with a replication instance in the AWS Database Migration Service User Guide.
Remediation
After you create an AWS DMS replication instance, you can change the Multi-AZ deployment setting for it. For information about changing this and other settings for an existing replication instance, see Modifying a replication instance in the AWS Database Migration Service User Guide.
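As an added example (not part of the original page or the AWS/Powerpipe documentation), the following Python applies the same Multi-AZ check to output shaped like `aws dms describe-replication-instances` and builds the matching `aws dms modify-replication-instance` remediation command for each failing instance. The sample JSON, instance names and ARNs are constructed, and using the instance identifier in the reason text is an assumption.

```python
import json
import shlex

# Constructed sample shaped like `aws dms describe-replication-instances` output.
SAMPLE = json.loads("""
{"ReplicationInstances": [
  {"ReplicationInstanceIdentifier": "example-multi-az", "MultiAZ": true,
   "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111122223333:rep:EXAMPLEAAAA"},
  {"ReplicationInstanceIdentifier": "example-single-az", "MultiAZ": false,
   "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111122223333:rep:EXAMPLEBBBB"},
  {"ReplicationInstanceIdentifier": "example-missing-field",
   "ReplicationInstanceArn": "arn:aws:dms:eu-west-1:111122223333:rep:EXAMPLECCCC"}
]}
""")


def evaluate(describe_output):
    """Return (arn, status, reason) per instance, mirroring the control's columns."""
    rows = []
    for inst in describe_output.get("ReplicationInstances", []):
        name = inst.get("ReplicationInstanceIdentifier", "<unknown>")
        # A missing MultiAZ field counts as disabled so it is never passed silently.
        enabled = inst.get("MultiAZ") is True
        state = "enabled" if enabled else "disabled"
        rows.append((inst["ReplicationInstanceArn"], "ok" if enabled else "alarm",
                     f"{name} Multi-AZ {state}."))
    return rows


def remediation_commands(describe_output, apply_immediately=False):
    """Build one AWS CLI command per failing instance; nothing is executed here."""
    # Without --apply-immediately the change waits for the next maintenance window.
    timing = "--apply-immediately" if apply_immediately else "--no-apply-immediately"
    return [
        f"aws dms modify-replication-instance --region {shlex.quote(arn.split(':')[3])} "
        f"--replication-instance-arn {shlex.quote(arn)} --multi-az {timing}"
        for arn, status, _ in evaluate(describe_output)
        if status == "alarm"
    ]


if __name__ == "__main__":
    for row in evaluate(SAMPLE):
        print(" | ".join(row))
    print("\n".join(remediation_commands(SAMPLE)))
```

The generated commands are only printed, so they can be reviewed before anyone runs them against a live account.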
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_dms_13
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_dms_13 --share
SQL
This control uses a named query:
select
  arn as resource,
  case
    when multi_az then 'ok'
    else 'alarm'
  end as status,
  case
    when multi_az then title || ' Multi-AZ enabled.'
    else title || ' Multi-AZ disabled.'
  end as reason,
  region,
  account_id
from
  aws_dms_replication_instance;