Back to All Checks
Medium Neptune Regional

Neptune DB clusters should be deployed across multiple Availability Zones

NIST 800-53

Description

This control checks if an Amazon Neptune DB cluster has read-replica instances in multiple Availability Zones (AZs). The control fails if the cluster is deployed in only one AZ. Read-replicas act as failover targets for the primary instance during AZ unavailability or maintenance. If the primary instance fails, Neptune promotes a read-replica to become the new primary. Without read-replicas, the DB cluster remains unavailable until the primary instance is re-created, which takes significantly longer. To ensure high availability, it's recommended to create one or more read-replica instances with the same DB instance class as the primary, located in different AZs.

Remediation

To remediate Neptune DB clusters not deployed across multiple Availability Zones, you need to create read-replica instances in different AZs.

Steps

  1. Navigate to the Amazon Neptune console
  2. Select the DB cluster that needs remediation
  3. Click on 'Actions' and select 'Create read replica'
  4. Choose a different Availability Zone for the read replica
  5. Select the same DB instance class as the primary instance
  6. Configure any additional settings as needed
  7. Review the read replica configuration
  8. Click 'Create read replica' to deploy
  9. Verify that the read replica is created in a different AZ
  10. Test failover functionality to ensure high availability

Compliance

NIST 800-53
Start Your Free Security Check