AWS RDS Instance With Multi-Availability Zone Disabled

This policy identifies RDS instances that have Multi-Availability Zone (Multi-AZ) disabled. When Multi-AZ is enabled for an RDS DB instance, RDS automatically creates a primary DB instance and synchronously replicates the data to a standby instance in a different availability zone. Multi-AZ deployments improve primary node reachability by providing a read replica in case of network connectivity loss or loss of availability in the primary's availability zone for read/write operations, which makes them the best fit for production database workloads.

Policy Details

Policy Subtype: Run, Build
Severity: Medium
Template Type: CloudFormation

Build Rules

AWS RDS instance with Multi-Availability Zone disabled.
JSON Query:
$.Resources.*[?(@.Type=='AWS::RDS::DBInstance')].Properties.MultiAZ any null or $.Resources.*[?(@.Type=='AWS::RDS::DBInstance')].Properties.MultiAZ any false
Recommendation:
Enable Multi-AZ for the RDS instance. Make sure that the "MultiAZ" attribute exists and is set to "true".
For example:
    "MyDB1": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "AllocatedStorage": "100",
        "DBInstanceClass": "db.t3.small",
        "MultiAZ": true
      }
    }
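
The build rule above can be reproduced locally before a template reaches the pipeline. The following is an added example, not code from the policy or from the product that ships it: it flags every AWS::RDS::DBInstance whose MultiAZ is missing, null or false, and goes beyond the JSON query by also handling the string forms "true"/"false" and a Ref to a template parameter's Default. The function names and the sample template (apart from MyDB1) are constructed for illustration.

```python
import json

# Constructed sample template; MyDB1 is the page's example, the rest are made up.
SAMPLE_TEMPLATE = """{
  "Parameters": {"HaEnabled": {"Type": "String", "Default": "false"}},
  "Resources": {
    "MyDB1": {"Type": "AWS::RDS::DBInstance", "Properties": {
      "AllocatedStorage": "100", "DBInstanceClass": "db.t3.small", "MultiAZ": true}},
    "MyDB2": {"Type": "AWS::RDS::DBInstance", "Properties": {
      "AllocatedStorage": "100", "DBInstanceClass": "db.t3.small"}},
    "MyDB3": {"Type": "AWS::RDS::DBInstance", "Properties": {"MultiAZ": "false"}},
    "MyDB4": {"Type": "AWS::RDS::DBInstance", "Properties": {"MultiAZ": {"Ref": "HaEnabled"}}},
    "MyDB5": {"Type": "AWS::RDS::DBInstance", "Properties": {"MultiAZ": {"Ref": "Unknown"}}},
    "Logs": {"Type": "AWS::S3::Bucket"}
  }
}"""


def resolve(value, parameters):
    """Replace {"Ref": name} with that parameter's Default when the template defines one."""
    if isinstance(value, dict) and list(value) == ["Ref"]:
        return parameters.get(value["Ref"], {}).get("Default", value)
    return value


def multi_az_findings(template_text):
    """Return {logical_id: reason} for DB instances that do not clearly enable Multi-AZ."""
    template = json.loads(template_text)
    parameters = template.get("Parameters") or {}
    findings = {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        if resource.get("Type") != "AWS::RDS::DBInstance":
            continue
        value = resolve((resource.get("Properties") or {}).get("MultiAZ"), parameters)
        text = str(value).lower()  # covers both JSON booleans and string booleans
        if value is None:
            findings[logical_id] = "MultiAZ not set"
        elif text == "false":
            findings[logical_id] = "MultiAZ is false"
        elif text != "true":
            findings[logical_id] = "MultiAZ not statically resolvable; review manually"
    return findings


if __name__ == "__main__":
    for logical_id, reason in sorted(multi_az_findings(SAMPLE_TEMPLATE).items()):
        print(f"{logical_id}: {reason}")
```

A parameter Default is only the value used when the stack is launched without an override, so a clean result for a Ref-based MultiAZ still depends on the parameters passed at deploy time.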

Run Rule Recommendation

  1. Sign in to the AWS console.
  2. In the console, select the region for which the alert was generated from the region drop-down in the top right corner.
  3. Navigate to the Amazon RDS console.
  4. Choose Instances, and then select the reported DB instance.
  5. Click on 'Modify'.
  6. In the 'Instance Specifications' section, for 'Multi-AZ Deployment', select 'Yes'.
  7. Click on 'Continue'.
  8. On the confirmation page, review the changes and click on 'Modify DB Instance' to save your changes.
