RDS Aurora cluster multi-AZ should be enabled

Description

An Aurora cluster in a Multi-AZ (multiple availability zone) deployment provides enhanced availability and durability of data. When an Aurora cluster is provisioned, Amazon creates a primary DB instance and replicates the data to an Aurora replica in another availability zone.

Remediation Steps

AWS Console

AWS does not allow you to change an Aurora cluster’s multi-AZ setting after deployment.

To create a new Aurora cluster with multi-AZ enabled:

  • Navigate to RDS.

  • Select Create Database.

  • Select Standard Create.

  • Select Amazon Aurora as the engine type.

  • Under Availability & durability, Multi-AZ deployment, select Create an Aurora Replica/Reader node in a different AZ.

  • Configure the rest of the settings as desired.

  • Select Create Database.

AWS CLI

AWS does not allow you to change an Aurora cluster’s multi-AZ setting after deployment.

To create a new Aurora MySQL DB cluster with multi-AZ enabled:

  • Create the Aurora MySQL DB cluster:

aws rds create-db-cluster --db-cluster-identifier <db cluster identifier> --engine aurora-mysql \
     --engine-version 5.7.12 --master-username <username> --master-user-password <password> \
     --db-subnet-group-name <subnet group name> --vpc-security-group-ids <sg-ids>

  • Create the primary instance for your MySQL DB cluster:

aws rds create-db-instance --db-instance-identifier <db instance identifier> \
     --db-cluster-identifier <db cluster identifier> --engine aurora-mysql --db-instance-class <instance class>

To create a new Aurora PostgreSQL DB cluster with multi-AZ enabled:

  • Create the PostgreSQL DB cluster:

aws rds create-db-cluster --db-cluster-identifier <db cluster identifier> --engine aurora-postgresql \
     --master-username <username> --master-user-password <password> \
     --db-subnet-group-name <subnet group name> --vpc-security-group-ids <sg-ids>

  • Create the primary instance for your PostgreSQL DB cluster:

aws rds create-db-instance --db-instance-identifier <db instance identifier> \
     --db-cluster-identifier <db cluster identifier> --engine aurora-postgresql --db-instance-class <instance class>

Terraform

  • Ensure that the aws_rds_cluster availability_zones field has more than one zone listed.

Example Configuration

resource "aws_rds_cluster" "example" {
  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
  # other required fields here
}
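
A pre-deployment check for the Terraform rule above, added here as an example (it is not part of the original page or of any vendor tooling). It reads plan JSON in the shape produced by terraform show -json and reports each aws_rds_cluster as PASS, FAIL, or UNKNOWN when availability_zones is only known after apply. The sample plan and its resource addresses are constructed, and the function name check_cluster_azs is hypothetical.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_rds_cluster.example", "type": "aws_rds_cluster",
   "change": {"actions": ["create"],
              "after": {"availability_zones": ["us-west-2a", "us-west-2b", "us-west-2c"]},
              "after_unknown": {}}},
  {"address": "aws_rds_cluster.single_az", "type": "aws_rds_cluster",
   "change": {"actions": ["create"],
              "after": {"availability_zones": ["us-west-2a"]},
              "after_unknown": {}}},
  {"address": "aws_rds_cluster.az_omitted", "type": "aws_rds_cluster",
   "change": {"actions": ["create"],
              "after": {},
              "after_unknown": {"availability_zones": true}}},
  {"address": "aws_rds_cluster.retired", "type": "aws_rds_cluster",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "aws_db_instance.other", "type": "aws_db_instance",
   "change": {"actions": ["create"], "after": {"multi_az": false}, "after_unknown": {}}}
]}
""")


def check_cluster_azs(plan):
    """Return {address: verdict} for every aws_rds_cluster the plan creates or keeps."""
    results = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_rds_cluster":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed; nothing to evaluate
            continue
        unknown = (change.get("after_unknown") or {}).get("availability_zones")
        zones = after.get("availability_zones")
        if zones is None and unknown:
            results[rc["address"]] = "UNKNOWN"  # field omitted; value known only after apply
        elif zones and len(set(zones)) > 1:     # more than one distinct zone listed
            results[rc["address"]] = "PASS"
        else:
            results[rc["address"]] = "FAIL"
    return results


if __name__ == "__main__":
    for address, verdict in check_cluster_azs(SAMPLE_PLAN).items():
        print(f"{verdict:8}{address}")
```

An UNKNOWN verdict means the configuration does not list zones explicitly, so the rule as stated above cannot be confirmed from the plan alone.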