Profile Applicability:

  • Level 1

Description:
 This control ensures that Amazon RDS and other AWS-managed database services are deployed using configurations that align with the organization's availability, durability, and cost requirements. Deployment options include Single-AZ or Multi-AZ for RDS, and cluster configurations for DocumentDB or Neptune.

Rationale:
 Selecting the appropriate deployment configuration enhances high availability, fault tolerance, and performance. Multi-AZ configurations provide automated failover, whereas Single-AZ setups may be more cost-effective for non-critical environments.

Impact:

Pros:

  • Reduces downtime during maintenance or instance failure

  • Supports business continuity planning

  • Improves fault tolerance with automatic failover

Cons:

  • Multi-AZ incurs higher costs than Single-AZ

  • Incorrect configuration could result in degraded performance or availability

Default Value:
 The default deployment configuration for Amazon RDS is Single-AZ unless otherwise selected during provisioning.

Pre-requisites:

  • An existing or planned Amazon RDS, DocumentDB, or Neptune deployment

  • IAM permissions to create or modify database instances or clusters

  • Awareness of the availability requirements of the workload

Remediation:

Test Plan

Using AWS Console:

  1. Sign in to the AWS Management Console

  2. Navigate to Amazon RDS > Databases

  3. Select the target DB instance

  4. Under the Configuration tab, review the Availability & durability section

  5. Confirm whether the deployment is Single-AZ or Multi-AZ and match it against workload requirements

Using AWS CLI:

  1. Describe the DB instance:

     aws rds describe-db-instances --db-instance-identifier <your-db-instance-identifier> --query "DBInstances[*].MultiAZ"

Implementation Plan

Using AWS Console:

  1. Sign in to the AWS Management Console

  2. Navigate to Amazon RDS > Databases

  3. Select the DB instance and click Modify

  4. Under Availability & durability, choose Multi-AZ deployment

  5. Review the changes and choose whether to apply them immediately or during the next maintenance window

  6. Click Modify DB Instance

Using AWS CLI:

  1. Modify the DB instance to enable Multi-AZ deployment:

     aws rds modify-db-instance --db-instance-identifier <your-db-instance-identifier> --multi-az --apply-immediately

  2. (Optional) To deploy a new Multi-AZ instance:

     aws rds create-db-instance --db-instance-identifier <your-db-instance-identifier> --db-instance-class db.t3.medium --engine mysql --allocated-storage 20 --master-username <username> --master-user-password <password> --multi-az
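The Test Plan checks one instance at a time; in practice the check is run across every instance in the account and compared against which workloads the owner has classified as requiring Multi-AZ. The following script is an added example and is not part of the benchmark text. It feeds the tab-separated output of `aws rds describe-db-instances --query "DBInstances[*].[DBInstanceIdentifier,MultiAZ]" --output text` through an audit function, reports the identifiers that are required to be Multi-AZ but are currently Single-AZ, and builds (without executing) the `modify-db-instance` command from the Implementation Plan for each finding. The instance identifiers, the sample CLI output and the `RDS_AUDIT_LIVE` switch are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit RDS instances for Multi-AZ against a list of
# identifiers the workload owner requires to be Multi-AZ.
#
# Live input comes from:
#   aws rds describe-db-instances \
#     --query "DBInstances[*].[DBInstanceIdentifier,MultiAZ]" --output text
# which prints one "identifier<TAB>True|False" line per instance.

TAB="$(printf '\t')"

# Constructed stand-in for the CLI output above (not real instances).
sample_describe_output() {
  printf 'prod-orders%sTrue\n'    "$TAB"
  printf 'prod-payments%sFalse\n' "$TAB"
  printf 'dev-sandbox%sFalse\n'   "$TAB"
}

# find_noncompliant REQUIRED_IDS
#   REQUIRED_IDS: space-separated identifiers that must be Multi-AZ
#   (the organisation's own classification; constructed here).
#   Reads describe output on stdin and prints each required identifier
#   whose MultiAZ field is not "True".
find_noncompliant() {
  required="$1"
  while IFS="$TAB" read -r id multiaz; do
    [ -z "$id" ] && continue
    for want in $required; do
      if [ "$want" = "$id" ] && [ "$multiaz" != "True" ]; then
        printf '%s\n' "$id"
      fi
    done
  done
}

# remediation_command ID
#   Builds, but does not run, the Implementation Plan command for one instance.
remediation_command() {
  printf 'aws rds modify-db-instance --db-instance-identifier %s --multi-az --apply-immediately\n' "$1"
}

# audit REQUIRED_IDS
#   Uses the constructed sample by default; set RDS_AUDIT_LIVE=1 to read
#   from the real AWS CLI instead (requires rds:DescribeDBInstances).
audit() {
  required="$1"
  if [ "${RDS_AUDIT_LIVE:-0}" = "1" ]; then
    aws rds describe-db-instances \
      --query "DBInstances[*].[DBInstanceIdentifier,MultiAZ]" --output text
  else
    sample_describe_output
  fi | find_noncompliant "$required"
}

# Stand-alone run: report findings with the command that would remediate each.
audit "${REQUIRED_MULTI_AZ:-prod-orders prod-payments}" | while read -r id; do
  printf 'NON-COMPLIANT: %s -> %s\n' "$id" "$(remediation_command "$id")"
done
```

Against the constructed sample, `prod-payments` is the only finding: it is on the required list but reports `MultiAZ` as `False`, while `dev-sandbox` is Single-AZ by design and is not flagged. Keeping the remediation as a printed command rather than executing it leaves the change to go through the normal change window, since enabling Multi-AZ with `--apply-immediately` triggers a modification on a production instance.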

Backout Plan

Using AWS Console:

  1. Sign in to the AWS Console

  2. Navigate to Amazon RDS > Databases

  3. Select the DB instance and click Modify

  4. Under Availability & durability, change to Single-AZ deployment

  5. Select Apply immediately or defer to the next maintenance window

  6. Click Modify DB Instance

Using AWS CLI:

  1. Modify the DB instance to revert to Single-AZ deployment:

     aws rds modify-db-instance --db-instance-identifier <your-db-instance-identifier> --no-multi-az --apply-immediately

References: