Ensure RDS instances have Multi-AZ enabled

Error: RDS instances do not have Multi-AZ enabled

Bridgecrew Policy ID: BC_AWS_GENERAL_73
Checkov Check ID: CKV_AWS_157
Severity: LOW

Description

Amazon RDS Multi-AZ deployments provide enhanced availability for databases within a single region. In the event of a planned or unplanned outage of your DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if you have enabled Multi-AZ.

RDS Multi-AZ deployments offer the following benefits:

  1. Enhanced durability.
  2. Increased availability.
  3. Protection of your database performance.
  4. Automatic failover.

Fix - Runtime

AWS Console

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Open the Amazon RDS console.
  3. To create a new Multi-AZ deployment using the AWS Management Console, simply click the "Yes" option for "Multi-AZ Deployment" when launching a DB Instance.
  4. To convert an existing Single-AZ DB Instance to a Multi-AZ deployment, use the "Modify" option corresponding to your DB Instance in the AWS Management Console.

CLI Command

If you use the create-db-instance AWS CLI command to create a Multi-AZ DB instance, pass the --multi-az flag. It is a boolean switch and takes no value; its opposite is --no-multi-az. If you use the CreateDBInstance API operation, set the MultiAZ parameter to true. You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.

aws rds create-db-instance \
    --db-instance-identifier test-mysql-instance \
    --db-instance-class db.t3.micro \
    --engine mysql \
    --master-username admin \
    --master-user-password secret99 \
    --allocated-storage 20 \
    --multi-az

Fix - Buildtime

Terraform

  • Resource: aws_db_instance
  • Argument: multi_az - Specifies if the RDS instance is Multi-AZ.

resource "aws_db_instance" "default" {
  ...
  name                 = "mydb"
+ multi_az             = true 
}

CloudFormation

  • Resource: AWS::RDS::DBInstance
  • Argument: Properties.MultiAZ

Resources:
  MyDBEnabled:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      ...
+     MultiAZ: true
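
The same build-time condition can be checked in a pipeline before anything is deployed. The script below is an added example, not Checkov's or Bridgecrew's implementation of CKV_AWS_157: it reports aws_db_instance resources in a Terraform plan (the JSON produced by `terraform show -json`) and AWS::RDS::DBInstance resources in a CloudFormation template that do not set Multi-AZ to true. The function names and the sample inputs are assumptions constructed for illustration.

```python
def _walk_modules(module):
    """Yield every resource in a plan module, child modules included."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk_modules(child)

def _is_true(value):
    # CloudFormation also accepts the string "true". A missing key, null or an
    # unresolved intrinsic such as {"Ref": ...} is reported as not enabled.
    return value is True or (isinstance(value, str) and value.lower() == "true")

def single_az_in_terraform_plan(plan):
    """Addresses of aws_db_instance resources without multi_az = true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [r["address"] for r in _walk_modules(root)
            if r.get("type") == "aws_db_instance"
            and not _is_true((r.get("values") or {}).get("multi_az"))]

def single_az_in_cfn_template(template):
    """Logical IDs of AWS::RDS::DBInstance resources without MultiAZ: true."""
    return [name for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::RDS::DBInstance"
            and not _is_true((res.get("Properties") or {}).get("MultiAZ"))]

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_db_instance.default", "type": "aws_db_instance",
         "values": {"multi_az": True}},
        {"address": "aws_db_instance.reporting", "type": "aws_db_instance",
         "values": {"multi_az": False}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.app.aws_db_instance.orders",
         "type": "aws_db_instance", "values": {}},  # multi_az never set
    ]}],
}}}

# Constructed sample CloudFormation template, already parsed to a dict.
SAMPLE_TEMPLATE = {"Resources": {
    "MyDBEnabled": {"Type": "AWS::RDS::DBInstance", "Properties": {"MultiAZ": "true"}},
    "MyDBDefault": {"Type": "AWS::RDS::DBInstance", "Properties": {"Engine": "mysql"}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    print("Terraform:", single_az_in_terraform_plan(SAMPLE_PLAN))
    print("CloudFormation:", single_az_in_cfn_template(SAMPLE_TEMPLATE))
```

Instances nested in child modules are included, and a resource that omits the argument entirely is reported the same way as one that sets it to false.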
