Ensure RDS instances have Multi-AZ enabled
In a Multi-AZ DB instance deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance. It can also help protect your databases against DB instance failure and Availability Zone disruption.
Risk Level: Informational
Cloud Entity: Amazon RDS
CloudGuard Rule ID: D9.CFT.OPE.19
Covered by Spectral: Yes
Category: Database
GSL LOGIC
AWS_RDS_DBInstance should have MultiAZ='true'
REMEDIATION
From CFT
Set AWS::RDS::DBInstance::MultiAZ to true.
Resources:
  MyDB:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      ...
      MultiAZ: true
      ...
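An added example, not part of the CloudGuard rule or any vendor tooling: a small pre-deployment check that applies the rule's logic to a CloudFormation template in JSON form. The logical IDs, the HaEnabled parameter, and the pass/fail/unresolved labels are constructed for illustration, and a missing MultiAZ property is assumed to fail the rule.

```python
import json

# Constructed sample template (JSON form of a CloudFormation template).
TEMPLATE = json.loads("""
{
  "Parameters": {"HaEnabled": {"Type": "String", "Default": "false"}},
  "Resources": {
    "GoodDB":    {"Type": "AWS::RDS::DBInstance", "Properties": {"MultiAZ": true}},
    "StringDB":  {"Type": "AWS::RDS::DBInstance", "Properties": {"MultiAZ": "true"}},
    "MissingDB": {"Type": "AWS::RDS::DBInstance", "Properties": {"Engine": "mysql"}},
    "ParamDB":   {"Type": "AWS::RDS::DBInstance", "Properties": {"MultiAZ": {"Ref": "HaEnabled"}}},
    "CondDB":    {"Type": "AWS::RDS::DBInstance", "Properties": {"MultiAZ": {"Fn::If": ["IsProd", true, false]}}},
    "Bucket":    {"Type": "AWS::S3::Bucket"}
  }
}
""")

def resolve(value, parameters):
    """Resolve a literal or a Ref to a parameter Default; return None if unknown."""
    if isinstance(value, dict):
        if set(value) == {"Ref"}:
            return parameters.get(value["Ref"], {}).get("Default")
        return None  # other intrinsic functions are not evaluated here
    return value

def check_multi_az(template):
    """Return {logical_id: 'pass' | 'fail' | 'unresolved'} for each DB instance."""
    parameters = template.get("Parameters", {})
    results = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = res.get("Properties") or {}
        if "MultiAZ" not in props:
            results[name] = "fail"  # assumption: omitted property fails the rule
            continue
        value = resolve(props["MultiAZ"], parameters)
        if value is None:
            results[name] = "unresolved"  # needs review with deploy-time values
        elif str(value).lower() == "true":
            results[name] = "pass"
        else:
            results[name] = "fail"
    return results

if __name__ == "__main__":
    for name, status in check_multi_az(TEMPLATE).items():
        print(f"{name}: {status}")
```

Resources reported as unresolved depend on conditions or parameters without defaults, so they need to be checked against the values used at deployment.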
References
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-multiaz
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
Amazon RDS
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.
Compliance Frameworks
- AWS CloudFormation ruleset