2.2.4 Ensure Multi-AZ deployments are used for enhanced availability in Amazon RDS

Information

Amazon RDS offers Multi-AZ deployments that provide enhanced availability and durability for your databases, using synchronous replication to replicate data to a standby instance in a different Availability Zone (AZ). In the event of an infrastructure failure, Amazon RDS automatically fails over to the standby to minimize downtime and ensure business continuity.

Database availability is crucial for maintaining service uptime, particularly for applications that are critical to the business. Implementing Multi-AZ deployments with Amazon RDS ensures that your databases are protected against unplanned outages due to hardware failures, network issues, or other disruptions. This configuration enhances both the availability and durability of your database, making it a highly recommended practice for production environments.

Solution

From Console:

- Log in to the AWS Management Console and open the RDS dashboard at AWS RDS Console.
- In the left navigation pane, click on Databases.
- Select the database instance that needs Multi-AZ deployment to be enabled.
- Click the Modify button at the top right.
- Scroll down to the Availability & Durability section.
- Under Multi-AZ deployment select Yes to enable.
- Review the changes and click Continue.
- On the Review page, choose Apply immediately to make the change without waiting for the next maintenance window, or Apply during the next scheduled maintenance window.
- Click Modify DB Instance to apply the changes.

From Command Line:

- Run the following command to modify the RDS instance and enable Multi-AZ:

aws rds modify-db-instance --region <region-name> --db-instance-identifier <db-name> --multi-az --apply-immediately

- Confirm that the Multi-AZ deployment is enabled by running the following command:

aws rds describe-db-instances --region <region-name> --db-instance-identifier <db-name> --query 'DBInstances[*].MultiAZ'

- The output should return True, indicating that Multi-AZ is enabled.
- Repeat the procedure for other instances as necessary.
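
To find which instances the last step applies to, the following added example (not part of the benchmark text) runs the same describe-db-instances check across every instance in a region and prints the identifiers that are not Multi-AZ. It assumes a configured AWS CLI; the function names, the RDS_AUDIT_REGION variable and the sample rows are this example's own.

```shell
#!/bin/sh
# Added example: report RDS instances in one region without Multi-AZ.
# Function names and RDS_AUDIT_REGION are hypothetical, chosen for this example.

# Print one line per DB instance: "<identifier><TAB><True|False>".
list_instances() {
    aws rds describe-db-instances --region "$1" \
        --query 'DBInstances[*].[DBInstanceIdentifier,MultiAZ]' \
        --output text
}

# Constructed sample rows in the same shape, for trying the filter offline.
sample_rows() {
    printf 'orders-db\tTrue\nreports-db\tFalse\nlegacy-db\tFalse\n'
}

# Read rows on stdin; print identifiers whose MultiAZ column is not true.
non_multi_az() {
    awk -F '\t' 'NF >= 2 && tolower($2) != "true" { print $1 }'
}

# Return 0 if every instance is Multi-AZ, 1 if any is not (identifiers
# are printed), 2 if the CLI call itself failed.
audit_region() {
    rows=$(list_instances "$1") || return 2
    failing=$(printf '%s\n' "$rows" | non_multi_az)
    [ -z "$failing" ] && return 0
    printf '%s\n' "$failing"
    return 1
}

# Run the audit only when a region is supplied in the environment.
if [ -n "${RDS_AUDIT_REGION:-}" ]; then
    audit_region "$RDS_AUDIT_REGION"
fi
```

Run it as `RDS_AUDIT_REGION=<region-name> sh audit.sh`; a non-zero exit status makes it usable as a scheduled compliance check.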

Impact:

Multi-AZ deployments may increase costs due to the additional resources required to maintain a standby instance; however, the benefits of increased availability and reduced risk of downtime outweigh these costs for critical applications.

See Also

https://workbench.cisecurity.org/benchmarks/19631

Item Details

Category: CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-7, 800-53|CP-6, 800-53|CP-7, 800-53|PL-8, 800-53|PM-7, 800-53|SA-8, 800-53|SC-7, CSCv7|2.10

Plugin: amazon_aws

Control ID: c0aa218401efab432a07e6651e44e764b98fabfe4124a4ee913de5da2ec025aa