terraform.aws.best-practice.aws-rds-multiaz-not-enabled.aws-rds-multiaz-not-enabled

semgrep

Author

unknown

Download Count*

LGPL Commons Clause

License

The AWS RDS is not configured to use multi-az. Consider using it if possible.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: aws-rds-multiaz-not-enabled
    patterns:
      - pattern: |
          resource "aws_db_instance" $ANYTHING {
            ...
          }
      - pattern-not-inside: |
          resource "aws_db_instance" $ANYTHING {
            ...
            multi_az = true
            ...
          }
    message: The AWS RDS is not configured to use multi-az. Consider using it if
      possible.
    languages:
      - hcl
    severity: WARNING
    metadata:
      category: best-practice
      technology:
        - terraform
        - aws
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

aws-rds-multiaz-not-enabled.tf

# fail
# ruleid: aws-rds-multiaz-not-enabled
resource "aws_db_instance" "disabled" {
  name   = "name"
  engine = "mysql"

  identifier     = "id"
  instance_class = "foo"
  multi_az       = false
}

# fail
# ruleid: aws-rds-multiaz-not-enabled
resource "aws_db_instance" "default" {
  name   = "name"
  engine = "mysql"

  identifier     = "id"
  instance_class = "foo"
}

# pass
resource "aws_db_instance" "enabled" {
  name   = "name"
  engine = "mysql"

  identifier     = "id"
  instance_class = "foo"
  multi_az       = true
}

Short Link: https://sg.run/d1wZ