Ensure that at least two subnets in two different Availability Zones (AZs) are created for your data tier. Each data-tier subnet must be located entirely in one Availability Zone and cannot span multiple zones. Availability Zones are distinct locations that are engineered to be isolated from failures occurred in other zones. By launching EC2 instances in separate AZs (separate subnets), you can protect your databases from the single point of failure. This conformity rule assumes that all AWS resources created in your data tier are tagged with <data_tier_tag>:<data_tier_tag_value>, where <data_tier_tag> represents the tag name and <data_tier_tag_value> represents the tag value. Prior to running this rule by the Cloud Conformity engine, the data-tier tags must be configured in the rule settings, on your Cloud Conformity account dashboard.
To reach fault tolerance and high availability from the perspective of database deployment, make sure that at least two subnets in two different Availability Zones are created within your data tier.
Note: Ensure that you replace all <data_tier_tag>:<data_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the data tier.
To determine if there are at least two data-tier subnets available in your VPC, perform the following actions:
Remediation / Resolution
To create VPC subnets for your data tier (at least two subnets in different AZs), perform the following actions:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Create Data-Tier VPC Subnets
Risk level: Medium