Enable Automatic Failover
More Info:
Ensure that your Microsoft Azure Cosmos DB accounts are using the Automatic Failover feature in order to enable resource replication and fault tolerance at the account level. Automatic failover allows Azure Cosmos DB to failover to the Azure cloud region with the highest failover priority when the source region become unavailable, without any additional action from the application or the user. The Cosmos DB account must have two or more regions configured in order to enable the feature.Risk Level
MediumAddress
SecurityCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of “Enable Automatic Failover” in Azure, please follow the below steps:
- Log in to the Azure portal at https://portal.azure.com/
- Navigate to the Azure SQL database that you want to remediate.
- Click on “Failover Groups” in the left-hand menu.
- Click on “Add Failover Group.”
- In the “Add Failover Group” blade, provide the following details:
- Name: A unique name for the failover group.
- Subscription: The subscription associated with the failover group.
- Resource group: The resource group associated with the failover group.
- Primary region: The region where the primary database is located.
- Secondary region: The region where the secondary database is located.
- Click on “Create” to create the failover group.
- Once the failover group is created, click on it to open the “Failover Group” blade.
- In the “Failover Group” blade, click on “Add Secondary.”
- In the “Add Secondary” blade, provide the following details:
- Subscription: The subscription associated with the secondary database.
- Server: The server where the secondary database is located.
- Database: The name of the secondary database.
- Auto-failover: Select the “On” option to enable automatic failover.
- Click on “Create” to add the secondary database to the failover group.
Using CLI
Using CLI
To enable automatic failover in Azure using Azure CLI, follow these steps:
- Open the Azure CLI command prompt.
-
Log in to your Azure account using the command:
az login -
Once you are logged in, select the desired subscription using the command:
az account set --subscription <subscription_id> -
Enable automatic failover for the desired Azure SQL Database using the command:
az sql failover-group update --name <failover_group_name> --resource-group <resource_group_name> --partner-server <partner_server_name> --failover-policy AutomaticReplace the following parameters:-
<failover_group_name>: The name of the failover group that you want to update. -
<resource_group_name>: The name of the resource group that contains the failover group. -
<partner_server_name>: The name of the partner server to which you want to fail over. -
Automatic: This parameter specifies that the failover policy should be set to automatic.
-
-
Verify that automatic failover has been enabled by checking the failover policy using the command:
az sql failover-group show --name <failover_group_name> --resource-group <resource_group_name>This command will return the details of the failover group, including the failover policy.
Using Python
Using Python
To remediate the misconfiguration of enabling automatic failover in Azure using Python, you can follow the below steps:This will enable automatic failover for the Redis cache instance in Azure.
- Import the required libraries:
- Set the required credentials:
- Get the Redis cache instance:
- Update the Redis cache instance to enable automatic failover: