
DMS No Multi-AZ

This plugin ensures that your Amazon Database Migration Service (DMS) replication instances are using Multi-AZ deployment configurations.

Risk Level: Low

Description: 

AWS can experience downtime in one or more Availability Zones at some point in time. To keep your replication instances functioning smoothly, AWS DMS must be configured with multiple Availability Zones. With Multi-AZ enabled, DMS automatically creates an instance in another zone if one zone is facing downtime.

About the Service:

AWS Database Migration Service (AWS DMS) enables you to rapidly and securely move databases to AWS. During the migration, the source database remains fully operational, reducing downtime for applications that depend on the database. AWS DMS can move your data to and from the most widely used commercial and open-source databases.

Impact:

With only a single Availability Zone, your replication instance can face downtime if AWS is having issues in that region. To keep the DMS service functioning smoothly, replication instances must be set up in multiple Availability Zones, so that an instance is created in another zone when one zone is facing downtime.

Steps to reproduce:

  1. Log in to AWS Console.
  2. Navigate to the DMS (Database Migration Service) dashboard. If you are already logged in, you can use this link: https://us-east-2.console.aws.amazon.com/dms/
  3. Select Replication Instances in the left navigation panel.
  4. Scroll right to the Multi-AZ section. If the value is set to No, the vulnerability exists.
  5. Repeat steps for other replication instances.

 

Steps for remediation:

Enable Multi-AZ for DMS replication instances.

  1. Log in to AWS Console.
  2. Navigate to the DMS (Database Migration Service) dashboard. If you are already logged in, you can use this link: https://us-east-2.console.aws.amazon.com/dms/
  3. Select Replication Instances in the left navigation panel.
  4. Select the vulnerable instance by clicking on its Name.
  5. From the Actions menu, click on Modify.
  6. In the Multi-AZ option, select Production workload from the drop-down menu.
  7. Repeat steps for other replication instances.
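
The console checks and fix above can also be scripted. The following is an added example, not part of the original page or the plugin's own code: it audits saved output of `aws dms describe-replication-instances` for several regions and builds the matching `modify-replication-instance` command for each failing instance. The instance names, account ID and ARNs are constructed sample values.

```python
import json
import shlex

# Constructed sample input (not real resources): per-region output of
# `aws dms describe-replication-instances --region <region> --output json`.
SAMPLE = {
    "us-east-2": json.loads("""{"ReplicationInstances": [
        {"ReplicationInstanceIdentifier": "orders-migration", "MultiAZ": false,
         "ReplicationInstanceArn": "arn:aws:dms:us-east-2:111122223333:rep:EXAMPLE1",
         "ReplicationInstanceStatus": "available"},
        {"ReplicationInstanceIdentifier": "billing-migration", "MultiAZ": true,
         "ReplicationInstanceArn": "arn:aws:dms:us-east-2:111122223333:rep:EXAMPLE2",
         "ReplicationInstanceStatus": "available"}]}"""),
    "eu-west-1": json.loads("""{"ReplicationInstances": [
        {"ReplicationInstanceIdentifier": "legacy-sync",
         "ReplicationInstanceArn": "arn:aws:dms:eu-west-1:111122223333:rep:EXAMPLE3",
         "ReplicationInstanceStatus": "deleting"},
        {"ReplicationInstanceIdentifier": "crm-sync",
         "ReplicationInstanceArn": "arn:aws:dms:eu-west-1:111122223333:rep:EXAMPLE4",
         "ReplicationInstanceStatus": "available"}]}"""),
}


def find_single_az(responses):
    """Return (region, identifier, arn) for every instance without Multi-AZ."""
    findings = []
    for region, doc in sorted(responses.items()):
        for inst in doc.get("ReplicationInstances", []):
            if inst.get("ReplicationInstanceStatus") == "deleting":
                continue  # instance is going away; nothing to remediate
            # A missing MultiAZ field is treated as a failure, not a pass.
            if inst.get("MultiAZ") is not True:
                findings.append((region, inst["ReplicationInstanceIdentifier"],
                                 inst["ReplicationInstanceArn"]))
    return findings


def remediation_command(region, arn):
    """Build the CLI counterpart of the console's Modify > Multi-AZ step."""
    args = ["aws", "dms", "modify-replication-instance", "--region", region,
            "--replication-instance-arn", arn, "--multi-az", "--apply-immediately"]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    for region, name, arn in find_single_az(SAMPLE):
        print(f"FAIL {region} {name}")
        print("  " + remediation_command(region, arn))
```

DMS replication instances are regional, so the input needs one `describe-replication-instances` document per region in use. Without `--apply-immediately` the change waits for the instance's next maintenance window.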