Profile Applicability:

  • Level 1

Description:

Amazon Neptune achieves Multi-AZ deployment by placing Neptune replica instances in Availability Zones (AZs) other than the one hosting the primary (writer) instance. The cluster volume that stores the graph data is already replicated across AZs within the Region; what "Multi-AZ" adds is compute redundancy, so that a replica in a surviving AZ can take over as the writer if the AZ hosting the primary fails. Running every instance in a single AZ leaves the cluster unavailable for the duration of that AZ's outage.

Rationale:

  • High Availability: Multi-AZ configurations enhance database availability by replicating data across different Availability Zones.

  • Disaster Recovery: If the primary instance or its AZ fails, Neptune automatically fails over to one of the replicas in another AZ and promotes it to primary, maintaining service continuity. A replica in the same AZ as the primary does not protect against an AZ failure.

  • Performance Scaling: Multi-AZ deployments also improve read performance by distributing read traffic across multiple replicas.

Impact:

  • Pros:

    • Increased fault tolerance and availability.

    • Improved read performance with distributed replicas.

    • Automated failover support in the event of an AZ outage.

  • Cons:

    • Increased costs due to the additional replicas.

    • Slight latency increase for cross-AZ data replication.

Default Value:

  • A new Neptune cluster is created with a single (writer) instance and no replicas, so it is not Multi-AZ. The cluster only becomes Multi-AZ once at least one replica is created in an AZ different from the primary's.

Pre-Requisites:

  • AWS IAM Permissions (Neptune management API actions use the rds: action prefix, not neptune:):

    • rds:DescribeDBClusters

    • rds:DescribeDBInstances

    • rds:CreateDBInstance

    • rds:DeleteDBInstance (for the backout plan)

  • AWS CLI installed and configured with appropriate credentials.

Remediation:

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon Neptune → DB Clusters.

  3. Select the Neptune cluster to audit.

  4. Under Instances, note the Availability Zone of each instance and check whether the cluster's instances are spread across multiple Availability Zones.

    • Pass: If at least one replica resides in an AZ different from the primary instance's AZ.

    • Fail: If all instances reside in the same AZ (including a cluster with only one instance).

Using AWS CLI:

List Neptune DB Clusters and their Multi-AZ status:

aws neptune describe-db-clusters --region <region> \
  --query 'DBClusters[*].{DBClusterIdentifier:DBClusterIdentifier,MultiAZ:MultiAZ,Instances:DBClusterMembers[*].DBInstanceIdentifier}'

Example output:

[
  {
    "DBClusterIdentifier": "my-neptune-cluster",
    "MultiAZ": false,
    "Instances": ["my-neptune-cluster-instance-1"]
  }
]

Note: do not use the cluster's AvailabilityZones attribute as the pass criterion. It lists the AZs the cluster volume spans (normally three), and it is populated even when the cluster has a single instance. The MultiAZ attribute reflects whether the cluster's instances are in more than one AZ.

To confirm instance placement, list the instances that belong to the cluster with their AZs:

aws neptune describe-db-instances --region <region> \
  --filters Name=db-cluster-id,Values=<cluster-id> \
  --query 'DBInstances[*].{DBInstanceIdentifier:DBInstanceIdentifier,AvailabilityZone:AvailabilityZone}'

  • Pass: If MultiAZ is true, i.e. the cluster's instances occupy at least two distinct Availability Zones.

  • Fail: If MultiAZ is false, i.e. the cluster has one instance or all of its instances share one AZ.

Implementation Steps:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon Neptune → DB Clusters.

  3. Select the Neptune cluster you want to modify.

  4. Click Actions → Add Reader.

  5. In the Availability Zone dropdown, select an AZ different from the one hosting the primary instance.

  6. Configure the instance size and settings as required.

  7. Click Add Reader to create the replica in the selected AZ.

  8. Repeat the steps to add more replicas if desired, choosing further AZs for additional fault tolerance.

Using AWS CLI:

Create a Neptune Read Replica in a Different AZ (the instance class, identifiers and AZ below are examples; choose an AZ that does not already host the cluster's primary instance, and an instance class of the same size as the primary so that it can serve as the writer after a failover):

aws neptune create-db-instance \
  --db-instance-identifier my-neptune-replica-1 \
  --db-instance-class db.r5.large \
  --engine neptune \
  --availability-zone us-east-1b \
  --db-cluster-identifier my-neptune-cluster \
  --region us-east-1

Verify Multi-AZ Deployment (the new instance must reach the "available" status before the cluster reports MultiAZ as true):

aws neptune describe-db-instances --region us-east-1 \
  --filters Name=db-cluster-id,Values=my-neptune-cluster \
  --query 'DBInstances[*].{DBInstanceIdentifier:DBInstanceIdentifier,AvailabilityZone:AvailabilityZone,DBInstanceStatus:DBInstanceStatus}'

Example output:

[

  {

    "DBInstanceIdentifier": "my-neptune-cluster-instance-1",

    "AvailabilityZone": "us-east-1a"

  },

  {

    "DBInstanceIdentifier": "my-neptune-replica-1",

    "AvailabilityZone": "us-east-1b"

  }

]
  • Pass: If the cluster's instances are spread across at least two distinct AZs (and describe-db-clusters now reports MultiAZ as true).
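The CLI audit above and the replica-creation step can be scripted together. The following is an added example (not part of the original benchmark text or of any AWS-published tooling) that works on the dict shapes returned by boto3's neptune client (describe_db_clusters / describe_db_instances). It evaluates instance placement rather than the cluster-level AvailabilityZones list, catches the case where a replica exists but shares the primary's AZ, and picks a target AZ for a new reader that the cluster volume supports and that currently hosts none of the cluster's instances. The sample cluster and instance records are constructed; the optional live mode calls boto3 and assumes the caller has the rds:Describe* permissions listed in the pre-requisites.

```python
"""Audit Neptune clusters for cross-AZ instance placement and plan a reader.

Added example; operates on boto3-style describe_db_clusters /
describe_db_instances dicts. Sample data below is constructed.
"""
import sys
from collections import Counter


def instance_azs(instances):
    """Map each DB instance identifier to its AvailabilityZone."""
    return {i["DBInstanceIdentifier"]: i["AvailabilityZone"] for i in instances}


def evaluate_multi_az(cluster, instances):
    """Return a finding for one cluster.

    PASS only when the cluster's own instances occupy >= 2 distinct AZs.
    cluster["AvailabilityZones"] is deliberately ignored: it describes where
    the cluster volume lives and is populated even for a one-instance cluster.
    """
    members = {m["DBInstanceIdentifier"] for m in cluster.get("DBClusterMembers", [])}
    placement = {k: v for k, v in instance_azs(instances).items() if k in members}
    per_az = Counter(placement.values())
    distinct = len(per_az)
    if len(placement) < 2:
        reason = "single instance; no replica to fail over to"
    elif distinct < 2:
        reason = "all %d instances sit in %s" % (len(placement), next(iter(per_az)))
    else:
        reason = "instances span %d AZs" % distinct
    return {
        "cluster": cluster["DBClusterIdentifier"],
        "status": "PASS" if distinct >= 2 else "FAIL",
        "instances": placement,
        "distinct_azs": distinct,
        "reason": reason,
    }


def pick_replica_az(cluster, instances):
    """Choose an AZ for a new reader: one the cluster volume supports that
    hosts none of the cluster's instances; otherwise the least-used AZ."""
    used = Counter(evaluate_multi_az(cluster, instances)["instances"].values())
    free = sorted(az for az in cluster["AvailabilityZones"] if az not in used)
    if free:
        return free[0]
    return min(cluster["AvailabilityZones"], key=lambda az: (used[az], az))


def replica_request(cluster, instances, instance_class, replica_id):
    """Build the keyword arguments for neptune.create_db_instance()."""
    return {
        "DBInstanceIdentifier": replica_id,
        "DBInstanceClass": instance_class,
        "Engine": "neptune",
        "DBClusterIdentifier": cluster["DBClusterIdentifier"],
        "AvailabilityZone": pick_replica_az(cluster, instances),
    }


def with_replica(cluster, instances, request):
    """Return the (cluster, instances) state expected once the reader exists,
    so the post-remediation check can be run before touching AWS."""
    member = {"DBInstanceIdentifier": request["DBInstanceIdentifier"], "IsClusterWriter": False}
    new_cluster = dict(cluster, DBClusterMembers=cluster.get("DBClusterMembers", []) + [member])
    new_instance = {"DBInstanceIdentifier": request["DBInstanceIdentifier"],
                    "AvailabilityZone": request["AvailabilityZone"]}
    return new_cluster, instances + [new_instance]


# Constructed sample: a reader exists, but it shares the writer's AZ (a trap
# the console view can hide if only the instance count is checked).
SAMPLE_CLUSTER = {
    "DBClusterIdentifier": "my-neptune-cluster",
    "AvailabilityZones": ["us-east-1a", "us-east-1b", "us-east-1c"],
    "DBClusterMembers": [
        {"DBInstanceIdentifier": "my-neptune-cluster-instance-1", "IsClusterWriter": True},
        {"DBInstanceIdentifier": "my-neptune-same-az-reader", "IsClusterWriter": False},
    ],
}
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "my-neptune-cluster-instance-1", "AvailabilityZone": "us-east-1a"},
    {"DBInstanceIdentifier": "my-neptune-same-az-reader", "AvailabilityZone": "us-east-1a"},
    {"DBInstanceIdentifier": "unrelated-cluster-instance", "AvailabilityZone": "us-east-1b"},
]


def main(live=False, region="us-east-1"):
    if live:  # requires boto3 and rds:DescribeDBClusters / rds:DescribeDBInstances
        import boto3
        client = boto3.client("neptune", region_name=region)
        clusters = client.describe_db_clusters()["DBClusters"]
        instances = client.describe_db_instances()["DBInstances"]
    else:
        clusters, instances = [SAMPLE_CLUSTER], SAMPLE_INSTANCES
    for c in clusters:
        f = evaluate_multi_az(c, instances)
        print("%s: %s (%s)" % (f["cluster"], f["status"], f["reason"]))
        if f["status"] == "FAIL":
            print("  suggested reader:", replica_request(c, instances, "db.r5.large", "my-neptune-replica-1"))


if __name__ == "__main__":
    main(live="--live" in sys.argv)
```

Run it without arguments to see the constructed sample fail and the suggested create_db_instance parameters; run it with --live (and boto3 installed) to audit the clusters in a Region. Feed the returned request dict to boto3's create_db_instance, then re-run the audit once the new instance is "available".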

Backout Plan:

If adding Multi-AZ read replicas causes issues (for example, unexpected cost or application behaviour when traffic is routed through the reader endpoint):

Remove the Read Replica (no final snapshot is needed for a replica, since the data lives in the shared cluster volume; note that deleting it also removes the cluster's automatic failover target):

aws neptune delete-db-instance \
  --db-instance-identifier my-neptune-replica-1 \
  --region us-east-1 \
  --skip-final-snapshot

  • Failback to Single AZ:

    • Point applications at the cluster (writer) endpoint only, rather than the reader endpoint.

    • Verify the Neptune cluster is stable in a single AZ deployment, and record the accepted risk that the cluster will be unavailable during an outage of its AZ.

References:

  1. Amazon Neptune Documentation

  2. Creating and Managing Neptune Read Replicas

  3. AWS CLI Neptune Documentation