Profile Applicability:
Level 1
Description:
Amazon Neptune provides Multi-AZ deployments by placing Neptune replica instances in Availability Zones (AZs) other than the one hosting the primary (writer) instance. The cluster's storage volume is always replicated across three AZs, but the writer itself runs in a single AZ; only a replica in another AZ gives Neptune a failover target, so that the cluster keeps serving requests if the writer's AZ fails.
Rationale:
High Availability: Multi-AZ configurations enhance database availability by replicating data across different Availability Zones.
Disaster Recovery: If the writer's AZ fails, Neptune fails over by promoting a replica in another AZ to primary, maintaining service continuity. A cluster with no replicas has nothing to promote; Neptune instead recreates the writer, which takes longer and cannot complete while that AZ is unavailable.
Performance Scaling: Multi-AZ deployments also improve read performance by distributing read traffic across multiple replicas.
Impact:
Pros:
Increased fault tolerance and availability.
Improved read performance with distributed replicas.
Automated failover support in the event of an AZ outage.
Cons:
Increased costs due to the additional replicas.
Replica lag: replicas in other AZs serve reads that can trail the writer slightly, so read paths that use the reader endpoint must tolerate eventually consistent results.
Default Value:
Multi-AZ is not enabled by default: a new Neptune cluster has a single writer instance and no replicas unless replicas are explicitly added in other AZs. Although the cluster storage volume spans three AZs from creation, that alone does not provide a failover target.
Pre-Requisites:
AWS IAM Permissions (Neptune shares its management API with Amazon RDS, so these actions use the rds: prefix; there is no neptune: action prefix):
rds:DescribeDBClusters
rds:DescribeDBInstances
rds:CreateDBInstance
rds:DeleteDBInstance (for the Backout Plan)
AWS CLI installed and configured with appropriate credentials.
Remediation:
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to Amazon Neptune → DB Clusters.
Select the Neptune cluster to audit.
Under Instances, check if the cluster has replicas spread across multiple Availability Zones.
Pass: If there are read replicas in at least one additional AZ.
Fail: If all instances reside in the same AZ.
Using AWS CLI:
List Neptune DB Clusters:
List Neptune DB Clusters with their Multi-AZ status and writer instance. The MultiAZ field reports whether the cluster has instances in more than one AZ. Do not use the cluster's AvailabilityZones field as the criterion: it lists the AZs the cluster's storage spans and is normally three AZs even for a single-instance cluster.
aws neptune describe-db-clusters --region <region> \
  --filters Name=engine,Values=neptune \
  --query 'DBClusters[*].{DBClusterIdentifier:DBClusterIdentifier,MultiAZ:MultiAZ,Writer:DBClusterMembers[?IsClusterWriter].DBInstanceIdentifier}'
Example output:
[ { "DBClusterIdentifier": "my-neptune-cluster", "MultiAZ": true, "Writer": ["my-neptune-cluster-instance-1"] } ]
Confirm the instance placement for each cluster:
aws neptune describe-db-instances --region <region> \
  --filters Name=db-cluster-id,Values=<cluster-id> \
  --query 'DBInstances[*].{DBInstanceIdentifier:DBInstanceIdentifier,AvailabilityZone:AvailabilityZone}'
Example output:
[ { "DBInstanceIdentifier": "my-neptune-cluster-instance-1", "AvailabilityZone": "us-east-1a" }, { "DBInstanceIdentifier": "my-neptune-replica-1", "AvailabilityZone": "us-east-1b" } ]
Pass: If MultiAZ is true and at least one reader instance is in an Availability Zone different from the writer's.
Fail: If MultiAZ is false, or every instance (including any readers) resides in the writer's AZ.
Implementation Steps:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to Amazon Neptune → DB Clusters.
Select the Neptune cluster you want to modify.
Click Actions → Add Reader.
In the Availability Zone dropdown, select a different AZ from the primary instance.
Configure the instance size and settings as required.
Click Add Reader to create the read replica in a different AZ.
Repeat steps to add more replicas if desired.
Using AWS CLI:
Create a Neptune Read Replica in a Different AZ. Use the same instance class as the writer, so that a replica promoted during failover has the same capacity as the instance it replaces:
aws neptune create-db-instance \
  --db-instance-identifier my-neptune-replica-1 \
  --db-instance-class db.r5.large \
  --engine neptune \
  --availability-zone us-east-1b \
  --db-cluster-identifier my-neptune-cluster \
  --region us-east-1
Verify Multi-AZ Deployment:
aws neptune describe-db-instances --region us-east-1 \
  --filters Name=db-cluster-id,Values=my-neptune-cluster \
  --query 'DBInstances[*].{DBInstanceIdentifier:DBInstanceIdentifier,AvailabilityZone:AvailabilityZone}'
Example output:
[ { "DBInstanceIdentifier": "my-neptune-cluster-instance-1", "AvailabilityZone": "us-east-1a" }, { "DBInstanceIdentifier": "my-neptune-replica-1", "AvailabilityZone": "us-east-1b" } ]
Pass: If at least one reader instance is in a different AZ from the writer. The cluster's MultiAZ field in describe-db-clusters should now report true.
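The test plan and the create-db-instance remediation above can be combined into one offline audit. The following is an added example and is not part of the original benchmark or of any AWS tooling: it reads the saved JSON output of aws neptune describe-db-clusters and aws neptune describe-db-instances, decides pass or fail per cluster by comparing each reader's AZ with the writer's AZ (rather than counting instances or reading the storage AvailabilityZones list), and prints the create-db-instance command for each failing cluster, sized like that cluster's writer. The cluster and instance names, AZs and sample data are constructed, and the script name neptune_multi_az_audit.py is hypothetical.

```python
import json
import sys
from collections import defaultdict

# Constructed sample data (not real output) in the shape returned by
# `aws neptune describe-db-clusters` and `aws neptune describe-db-instances`.
# graph-prod: reader in a second AZ. graph-stage: reader in the writer's AZ.
# graph-dev: writer only. AvailabilityZones is three AZs in every case (it
# describes the storage volume), so it proves nothing about the instances.
SAMPLE_CLUSTERS = {"DBClusters": [
    {"DBClusterIdentifier": "graph-prod", "Engine": "neptune", "MultiAZ": True,
     "AvailabilityZones": ["us-east-1a", "us-east-1b", "us-east-1c"],
     "DBClusterMembers": [
         {"DBInstanceIdentifier": "graph-prod-writer", "IsClusterWriter": True},
         {"DBInstanceIdentifier": "graph-prod-reader-1", "IsClusterWriter": False}]},
    {"DBClusterIdentifier": "graph-stage", "Engine": "neptune", "MultiAZ": False,
     "AvailabilityZones": ["us-east-1a", "us-east-1b", "us-east-1c"],
     "DBClusterMembers": [
         {"DBInstanceIdentifier": "graph-stage-writer", "IsClusterWriter": True},
         {"DBInstanceIdentifier": "graph-stage-reader-1", "IsClusterWriter": False}]},
    {"DBClusterIdentifier": "graph-dev", "Engine": "neptune", "MultiAZ": False,
     "AvailabilityZones": ["us-east-1a", "us-east-1b", "us-east-1c"],
     "DBClusterMembers": [
         {"DBInstanceIdentifier": "graph-dev-writer", "IsClusterWriter": True}]},
]}

def _inst(ident, cluster, az, cls="db.r5.large"):
    return {"DBInstanceIdentifier": ident, "DBClusterIdentifier": cluster,
            "AvailabilityZone": az, "DBInstanceClass": cls, "Engine": "neptune"}

SAMPLE_INSTANCES = {"DBInstances": [
    _inst("graph-prod-writer", "graph-prod", "us-east-1a", "db.r5.xlarge"),
    _inst("graph-prod-reader-1", "graph-prod", "us-east-1b", "db.r5.xlarge"),
    _inst("graph-stage-writer", "graph-stage", "us-east-1a"),
    _inst("graph-stage-reader-1", "graph-stage", "us-east-1a"),
    _inst("graph-dev-writer", "graph-dev", "us-east-1a", "db.r5.xlarge"),
]}

def audit_multi_az(clusters, instances):
    """Return {cluster_id: result}. A cluster passes only when at least one reader
    is in an AZ different from the writer's; instance count alone is not enough."""
    by_cluster = defaultdict(list)
    for inst in instances["DBInstances"]:
        if inst.get("Engine") == "neptune" and inst.get("DBClusterIdentifier"):
            by_cluster[inst["DBClusterIdentifier"]].append(inst)
    results = {}
    for cluster in clusters["DBClusters"]:
        if cluster.get("Engine") != "neptune":
            continue
        cid = cluster["DBClusterIdentifier"]
        writer_ids = {m["DBInstanceIdentifier"] for m in cluster.get("DBClusterMembers", [])
                      if m.get("IsClusterWriter")}
        members = by_cluster.get(cid, [])
        writers = [m for m in members if m["DBInstanceIdentifier"] in writer_ids]
        readers = [m for m in members if m["DBInstanceIdentifier"] not in writer_ids]
        writer_azs = {m["AvailabilityZone"] for m in writers}
        reader_azs = {m["AvailabilityZone"] for m in readers}
        results[cid] = {
            "pass": bool(reader_azs - writer_azs),
            "writer_azs": sorted(writer_azs),
            "reader_azs": sorted(reader_azs),
            # Size a new reader like the writer so a failover does not shrink capacity.
            "writer_class": writers[0]["DBInstanceClass"] if writers else "db.r5.large",
            # AZs the cluster may place instances in, minus the writer's own AZ.
            "candidate_azs": sorted(set(cluster.get("AvailabilityZones", [])) - writer_azs),
        }
    return results

def remediation_command(cluster_id, result, region):
    """aws CLI command adding a reader in an AZ the writer does not occupy, or None
    when the cluster already passes or has no spare AZ to place a reader in."""
    if result["pass"] or not result["candidate_azs"]:
        return None
    az = result["candidate_azs"][0]
    return (f"aws neptune create-db-instance --region {region} "
            f"--db-instance-identifier {cluster_id}-reader-{az[-1]} "
            f"--db-instance-class {result['writer_class']} --engine neptune "
            f"--availability-zone {az} --db-cluster-identifier {cluster_id}")

def main(argv):
    # Usage: neptune_multi_az_audit.py <region> clusters.json instances.json, where
    # the files hold saved describe output; with no arguments the sample data is used.
    if len(argv) == 4:
        region = argv[1]
        clusters = json.load(open(argv[2]))
        instances = json.load(open(argv[3]))
    else:
        region, clusters, instances = "us-east-1", SAMPLE_CLUSTERS, SAMPLE_INSTANCES
    results = audit_multi_az(clusters, instances)
    for cid, r in sorted(results.items()):
        status = "PASS" if r["pass"] else "FAIL"
        print(f"{cid}: {status} writer={r['writer_azs']} readers={r['reader_azs']}")
        cmd = remediation_command(cid, r, region)
        if cmd:
            print("  remediate: " + cmd)
    return 0 if all(r["pass"] for r in results.values()) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the two describe outputs saved to files (for example with --output json and the engine and db-cluster-id filters shown in the Test Plan). The exit status is non-zero when any cluster fails, which makes it usable as a scheduled compliance check; graph-stage in the sample data shows why two instances in the same AZ must still fail.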
Backout Plan:
If adding Multi-AZ read replicas causes issues:
Remove the Read Replica:
aws neptune delete-db-instance \
  --db-instance-identifier my-neptune-replica-1 \
  --region us-east-1 \
  --skip-final-snapshot
Failback to Single AZ:
Applications that read through the cluster's reader endpoint need no change: once no replicas remain, the reader endpoint resolves to the primary instance. Applications that were pointed at the replica's own instance endpoint must be repointed to the cluster endpoint.
Verify with describe-db-instances that only the primary remains and that the cluster is healthy in a single-AZ deployment.