Ensure that at least two subnets in two different Availability Zones (AZs) are created for your web tier. Each web-tier subnet must reside entirely within one Availability Zone and cannot span zones. AWS Availability Zones are distinct locations that are engineered to be isolated from failures occurred in other zones. By launching EC2 instances in separate AZs (separate subnets), you can protect your web applications from the failure of a single location. This conformity rule assumes that all AWS resources provisioned for your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> represents the tag name and <web_tier_tag_value> represents the tag value. Prior to running this rule by the Cloud Conformity engine, the web-tier tags must be configured in the rule settings, on your Cloud Conformity account dashboard.
To achieve fault tolerance and high availability from the perspective of web-tier resource deployment, make sure that at least two subnets in two different Availability Zones are created within your web tier.
Note: Ensure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
To determine if there are at least two web-tier subnets available within your VPC, perform the following actions:
Remediation / Resolution
To create VPC subnets for your web tier (at least two subnets in different AZs), perform the following actions:
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
Create Web-Tier VPC Subnets
Risk level: Medium