Profile Applicability:

Level 1

Description:

Amazon RDS Multi-AZ deployments ensure high availability and durability by automatically replicating the database to a standby instance in a different Availability Zone (AZ). In case of infrastructure failure, AWS automatically fails over to the standby instance, minimizing downtime.

Rationale:

  • High Availability: Ensures database availability even during infrastructure failures.

  • Automatic Failover: If the primary instance fails, AWS automatically switches to a standby instance.

  • Improved Data Durability: Reduces risk of data loss due to storage failures.

  • Business Continuity: Ensures mission-critical applications remain operational.

Impact:

  • Multi-AZ deployments increase cost due to the additional standby instance.

  • Automatic failover may introduce temporary delays but is faster than manual recovery.

  • No manual intervention is required in case of a failure.

Default Value:

By default, Amazon RDS does not enable Multi-AZ deployment unless explicitly configured.

Pre-Requisites:

  1. IAM permissions to modify RDS instances:

    • rds:DescribeDBInstances, rds:ModifyDBInstance

  2. AWS CLI installed (for automation)

  3. List of all RDS instances in your AWS account

Remediation:

Test Plan:

Using AWS Console

Step 1: Check Multi-AZ Configuration

  1. Log in to the AWS Management Console

  2. Navigate to RDS Dashboard → Amazon RDS Console

  3. Click Databases

  4. Select an RDS instance

  5. Click Configuration

  6. Look for Multi-AZ Deployment

    •  If Yes, Multi-AZ is enabled.

    •  If No, Multi-AZ is not enabled (instance is at risk).

Using AWS CLI

Step 1: List All RDS Instances

aws rds describe-db-instances --query 'DBInstances[*].DBInstanceIdentifier'

Find the RDS instance(s) that need verification.

Step 2: Check If Multi-AZ Is Enabled

aws rds describe-db-instances --db-instance-identifier <db-name> --query 'DBInstances[*].MultiAZ'

Expected Output (if Multi-AZ is enabled):

[
    true
]

Implementation Steps:

Using AWS Console

Step 1: Modify RDS Multi-AZ Setting

  1. Log in to the AWS Console

  2. Navigate to Amazon RDS Console

  3. Click Databases → Select the RDS instance

  4. Click Modify

  5. Scroll to Availability & Durability

  6. Under Multi-AZ Deployment, select Yes

  7. Click Continue

  8. Choose one:

    • Apply immediately → Changes take effect immediately (may cause downtime).

    • Apply during next maintenance window (Recommended for production).

  9. Click Modify DB Instance

Using AWS CLI

Step 1: Enable Multi-AZ for a Database Instance

aws rds modify-db-instance --db-instance-identifier <db-name> --multi-az --apply-immediately

This enables Multi-AZ immediately rather than waiting for the next maintenance window, so the instance may experience a brief period of downtime while the standby is created.

Step 2: Verify Multi-AZ Deployment

aws rds describe-db-instances --db-instance-identifier <db-name> --query 'DBInstances[*].MultiAZ'

Expected Output (if Multi-AZ is enabled):

[
    true
]
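To audit every instance at once rather than one <db-name> at a time, the following is an added Python example (not part of the original document) that runs the Step 2 check over the full describe-db-instances output and builds the Step 1 remediation command for each non-compliant instance. It assumes the AWS CLI and valid credentials are present for the live fetch; SAMPLE_RESPONSE is constructed sample data, not output from a real account.

```python
"""Audit RDS instances for Multi-AZ from describe-db-instances output."""
import json
import subprocess

# Constructed sample in the shape of `aws rds describe-db-instances --output json`
# (example data only, not a real account).
SAMPLE_RESPONSE = {
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-prod", "MultiAZ": True, "DBInstanceStatus": "available"},
        {"DBInstanceIdentifier": "reports-prod", "MultiAZ": False, "DBInstanceStatus": "available"},
        {"DBInstanceIdentifier": "scratch-dev", "MultiAZ": False, "DBInstanceStatus": "stopped"},
    ]
}


def find_single_az_instances(response):
    """Return sorted identifiers of instances whose MultiAZ flag is not true.
    A missing MultiAZ key counts as not enabled, so an absent field never
    makes an instance look compliant."""
    return sorted(
        db["DBInstanceIdentifier"]
        for db in response.get("DBInstances", [])
        if not db.get("MultiAZ", False)
    )


def remediation_commands(identifiers, apply_immediately=False):
    """Build one modify-db-instance command per non-compliant instance.
    Defaults to the next maintenance window; pass apply_immediately=True
    only when the downtime of an immediate change is acceptable."""
    flag = "--apply-immediately" if apply_immediately else "--no-apply-immediately"
    return [
        f"aws rds modify-db-instance --db-instance-identifier {db} --multi-az {flag}"
        for db in identifiers
    ]


def fetch_live_response():
    """Run the AWS CLI (needs credentials and rds:DescribeDBInstances)."""
    out = subprocess.run(["aws", "rds", "describe-db-instances", "--output", "json"],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)


if __name__ == "__main__":
    # Swap SAMPLE_RESPONSE for fetch_live_response() to audit a real account.
    missing = find_single_az_instances(SAMPLE_RESPONSE)
    print("Instances without Multi-AZ:", missing)
    for cmd in remediation_commands(missing):
        print(cmd)
```

Review the generated commands before running them; instances that are stopped or intentionally single-AZ (for example, short-lived development databases) may warrant a documented exception instead.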

Backout Plan:

If enabling Multi-AZ causes issues, disable it:

aws rds modify-db-instance --db-instance-identifier <db-name> --no-multi-az --apply-immediately

  1. Monitor database performance

  2. Restore networking configurations via the AWS Console.

References: