Amazon RDS

RDS Multiple AZ Disabled

Risk Level: LOW

Description:

This plugin ensures that RDS instances are deployed across multiple Availability Zones (Multi-AZ) for high availability. When an RDS instance is created in a single AZ, every system that relies on that database has a single point of failure. To ensure adequate failover, all RDS instances should be deployed with Multi-AZ enabled.

Recommended Action: Modify the RDS instance to enable Multi-AZ deployment across multiple Availability Zones.

Configuration Parameters

RDS Multiple AZ Ignore Replicas: This parameter controls whether RDS read replicas are required to have Multi-AZ enabled. If it is set to true, RDS read replicas are skipped and not checked for this finding.

By default, the value is set to false, so the plugin also raises an alert for any RDS read replica that does not have Multi-AZ enabled.
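The check described above, as an added example that is not the plugin's own code: it evaluates a list of instance records shaped like boto3's describe_db_instances() output and honours an ignore-replicas flag in the same way as the parameter. The helper that calls the paginator is only shown for use against a real account; the sample data is constructed so the script runs offline.

```python
# Added example: flag RDS instances without Multi-AZ, optionally skipping read
# replicas. Records follow the DBInstances shape returned by boto3's
# rds.describe_db_instances(); the sample below is constructed, not real data.

def is_read_replica(db):
    """A read replica reports the source instance it replicates from."""
    return bool(db.get("ReadReplicaSourceDBInstanceIdentifier"))

def find_single_az_instances(db_instances, ignore_replicas=False):
    """Return (identifier, reason) pairs for instances that fail the check.

    ignore_replicas=False mirrors the parameter's default: replicas are
    scanned too. With True, replicas are exempt from the finding."""
    findings = []
    for db in db_instances:
        if ignore_replicas and is_read_replica(db):
            continue  # replica exempted by the parameter
        if not db.get("MultiAZ", False):
            findings.append((db["DBInstanceIdentifier"], "Multi-AZ is disabled"))
    return findings

def list_db_instances(rds_client):
    """Collect every instance in a region with boto3's paginator (not run here)."""
    pages = rds_client.get_paginator("describe_db_instances").paginate()
    return [db for page in pages for db in page["DBInstances"]]

# Constructed sample: one Multi-AZ primary, one single-AZ instance, one replica.
SAMPLE_DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-primary", "MultiAZ": True},
    {"DBInstanceIdentifier": "reports-db", "MultiAZ": False},
    {"DBInstanceIdentifier": "orders-replica", "MultiAZ": False,
     "ReadReplicaSourceDBInstanceIdentifier": "orders-primary"},
]

if __name__ == "__main__":
    # Against a real account: instances = list_db_instances(boto3.client("rds"))
    for flag in (False, True):
        print(f"ignore_replicas={flag}:")
        for ident, reason in find_single_az_instances(SAMPLE_DB_INSTANCES, flag):
            print(f"  {ident}: {reason}")
```

Run it in every region you use; describe_db_instances is regional, which is why the reproduction steps above repeat per region.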

About the Service:

Amazon RDS (Amazon Relational Database Service) makes it simple to set up, run, and scale a relational database in the cloud. It offers scalable capacity at a low cost while automating time-consuming administrative activities including hardware provisioning, database setup, patching, and backups. 

Impact:

Not having Multi-AZ enabled for your RDS instance can lead to major loss of data or availability in case of a failure such as an Availability Zone outage, an internal hardware or network outage, or a software failure.

Steps to reproduce:

  1. Sign in to your AWS management console.
  2. Navigate to the RDS dashboard at: https://console.aws.amazon.com/rds/
  3. On the left navigation panel, under RDS Dashboard, select Databases.
  4. Select the RDS instance that you want to examine.
  5. Click on Configuration.
  6. Under the Instance panel, check the status of Multi-AZ.
  7. If the value is set to No, the feature is not enabled, which means that the selected RDS cluster is not deployed in multiple Availability Zones.
  8. Repeat steps no. 4 – 8 for each RDS instance provisioned in the current region as well as in other AWS regions.

Steps for remediation:

  1. Sign in to your AWS management console.
  2. Navigate to the RDS dashboard at: https://console.aws.amazon.com/rds/
  3. On the left navigation panel, under RDS Dashboard, select Databases.
  4. Select the RDS instance that you want to reconfigure.
  5. Click on Modify.
  6. On the Modify DB Instance page that appears, scroll down to Availability & Durability.
  7. Under Availability & Durability, select Create a Standby instance.
  8. Click on Continue.
  9. On the Modify DB Instance page that appears, click on Apply Immediately.
  10. Repeat steps no. 4 – 10 for each RDS cluster available in the current region as well as in other AWS regions.


References: