Require Multi Availability Zones turned on for RDS Instances

Description

Multi availability zones must be enabled for RDS Instances.

Remediation Steps

AWS Console

• Navigate to RDS.

• In the left navigation, select Snapshots.

• Create a database snapshot.

• Select the snapshot and click Actions > Restore Snapshot.

• On the Restore DB Instance page, ensure Multi-AZ deployment is enabled.

• Select Restore DB Instance.

AWS CLI

• List all RDS instances:

  • aws rds describe-db-instances --query 'DBInstances[*].DBInstanceIdentifier'

• Check if each RDS instance has Multi-AZ enabled:

  • aws rds describe-db-instances --db-instance-identifier <instance name> --query 'DBInstances[*].MultiAZ'

• If an instance shows “false”, create a snapshot of it:

  • aws rds create-db-snapshot --db-instance-identifier <instance name> --db-snapshot-identifier <name of new snapshot>

• Restore snapshot to new database instance with Multi-AZ enabled:

  • aws rds restore-db-instance-from-db-snapshot --db-instance-identifier <new db instance name> --db-snapshot-identifier <name of second snapshot> --multi-az

Terraform

• Ensure that the aws_db_instance multi_az field is set to true.

Example Configuration

resource "aws_db_instance" "main" {
  multi_az             = true
  # other required fields here
}

Documentation Links

AWS Console and CLI

• Creating a DB Snapshot

• Restoring from a DB Snapshot

• CLI: describe-db-instances

• CLI: create-db-snapshot

• CLI: copy-db-snapshot

• CLI: restore-db-instance-from-db-snapshot

Terraform

• Resource: aws_db_instance

  • Field: multi_az