More Info:
Your RDS clusters should be using Multi-AZ deployment configurations for high availability and automatic failover support fully managed by AWS.
Risk Level
Medium
Address
Reliability
Compliance Standards
HIPAA, NIST, HITRUST, AWSWAF, SOC2, NISTCSF, PCIDSS
Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration of not using Multi-AZ Deployment for an AWS RDS instance, follow these steps using the AWS Management Console:
- Log in to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/) and log in to your account.
- Navigate to RDS Service: Click on the “Services” dropdown menu at the top left corner and select “RDS” under the Database category.
- Select the RDS Instance: From the list of RDS instances, select the instance for which you want to enable Multi-AZ Deployment by clicking on its identifier.
- Enable Multi-AZ Deployment: In the RDS instance details page, click on the “Instance actions” dropdown menu and select “Modify”.
- Modify the Deployment Options: Scroll down to the “Deployment options” section and check the box next to “Enable Multi-AZ deployment”.
- Review and Apply Changes: Review the other configuration settings to ensure they are correct. Click on the “Continue” button.
- Apply Changes: On the next page, review the summary of changes and click on the “Modify DB Instance” button to apply the changes.
- Monitor the Modification: The modification process will start, and you can monitor the progress on the RDS console. Once the modification is complete, the Multi-AZ Deployment will be enabled for your RDS instance.
Using CLI
To remediate the misconfiguration of not using Multi-AZ deployment for an AWS RDS instance using AWS CLI, follow these steps:
- Open the AWS CLI on your local machine.
- Run the following command to modify your RDS instance to enable Multi-AZ deployment:
  Replace YOUR_DB_INSTANCE_IDENTIFIER with the actual identifier of your RDS instance.
- Wait for the modification to complete. You can check the status of the modification by running the following command:
- Once the modification is complete and the status shows as “available”, the Multi-AZ deployment for your RDS instance has been successfully enabled.
Using Python
To remediate the misconfiguration of not using Multi-AZ deployment for an AWS RDS instance using Python, you can follow these steps:
- Import the necessary libraries:
- Define the AWS region and the RDS instance identifier:
- Create an RDS client using Boto3:
- Modify the RDS instance to enable Multi-AZ deployment:
- Check the response to ensure the modification was successful:
- Run the Python script to enable Multi-AZ deployment for the specified RDS instance.
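The Python steps above as one script, generalized from a single named instance to every instance in a region, with a check of the `modify_db_instance` response. This is an added example, not code from the original page. The sample records and the helper names `skip_reason`, `plan` and `remediate` are constructed for illustration, and skipping cluster members is an assumption.

```python
# Constructed records in the shape returned by describe_db_instances.
SAMPLE = [
    {"DBInstanceIdentifier": "orders-db", "MultiAZ": False, "DBInstanceStatus": "available"},
    {"DBInstanceIdentifier": "users-db", "MultiAZ": True, "DBInstanceStatus": "available"},
    {"DBInstanceIdentifier": "audit-db", "MultiAZ": False, "DBInstanceStatus": "modifying"},
    {"DBInstanceIdentifier": "queue-db", "MultiAZ": False, "DBInstanceStatus": "available",
     "PendingModifiedValues": {"MultiAZ": True}},
    {"DBInstanceIdentifier": "aurora-1", "MultiAZ": False, "DBInstanceStatus": "available",
     "DBClusterIdentifier": "aurora-cluster"},
]


def skip_reason(inst):
    """Return why an instance must not be modified now, or None if it needs Multi-AZ."""
    if inst.get("DBClusterIdentifier"):
        # Assumption: cluster members get availability from the cluster configuration.
        return "cluster member"
    if inst.get("MultiAZ"):
        return "already Multi-AZ"
    if inst.get("PendingModifiedValues", {}).get("MultiAZ"):
        return "Multi-AZ change already pending"
    if inst.get("DBInstanceStatus") != "available":
        return "status is %s" % inst.get("DBInstanceStatus")
    return None


def plan(instances):
    """Split instance records into identifiers to modify and skipped ones with reasons."""
    reasons = {i["DBInstanceIdentifier"]: skip_reason(i) for i in instances}
    to_modify = [k for k, r in reasons.items() if r is None]
    return to_modify, {k: r for k, r in reasons.items() if r is not None}


def remediate(region, apply_immediately=False, dry_run=True):
    """List every instance in the region and enable Multi-AZ where plan() says so."""
    import boto3  # imported here so plan() works without AWS access
    rds = boto3.client("rds", region_name=region)
    pages = rds.get_paginator("describe_db_instances").paginate()
    to_modify, skipped = plan([i for p in pages for i in p["DBInstances"]])
    for db_id in ([] if dry_run else to_modify):
        inst = rds.modify_db_instance(DBInstanceIdentifier=db_id, MultiAZ=True,
                                      ApplyImmediately=apply_immediately)["DBInstance"]
        # Accepted when Multi-AZ is already on or queued as a pending change.
        if not (inst.get("MultiAZ") or inst.get("PendingModifiedValues", {}).get("MultiAZ")):
            raise RuntimeError("Multi-AZ change not accepted for " + db_id)
    return to_modify, skipped

if __name__ == "__main__":
    print(plan(SAMPLE))  # offline run on the constructed records
```

With AWS credentials configured, `remediate("us-east-1", dry_run=False)` applies the change in that region; leaving `apply_immediately=False` queues it for the next maintenance window.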