AWS Elastic Disaster Recovery is assessed per Region to verify the service is initialized and that at least one recovery or drill job exists, demonstrating that failover has been exercised.
Risk
Without DRS enabled or any prior jobs, workloads are unprotected and untested, undermining availability. During outages or ransomware, recovery may be delayed or fail, increasing RTO/RPO, causing data loss and prolonged downtime.
prowler aws --checks drs_job_exist
Recommendation
Enable DRS in required Regions and protect critical workloads. Define RTO/RPO and run regular recovery drills to validate launch settings and dependencies. Apply least privilege, monitor replication health, and document failover procedures to ensure consistent, repeatable recovery.
Remediation
- In the AWS Console, switch to the target Region
- Open Elastic Disaster Recovery (DRS)
- Click "Set default replication settings" (or Settings > Initialize) and choose "Configure and initialize" to enable DRS in this Region
- Go to "Source servers" > "Add server", copy the install command, run it on one server, and wait until it shows Data replication status = Healthy and Ready for recovery
- Select that server, choose "Initiate recovery drill" (or "Initiate recovery") and confirm to create a job
- Verify under "Recovery job history" that the job completes
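To confirm the outcome of these steps in each Region without the console, the two conditions the check describes can be evaluated from the DRS `DescribeJobs` response. This is an added example, not Prowler's own code: `evaluate_region`, the stub client and the sample Regions and job record are constructed for illustration, and reading `UninitializedAccountException` as "not initialized" is this example's mapping. With boto3, the injected client would be `boto3.client("drs", region_name=region)`.

```python
def error_code(exc):
    """Return the AWS error code carried by a botocore-style ClientError."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code", "")

def evaluate_region(client, region):
    """Return (status, detail); PASS only if DRS is initialized and has a job."""
    token, seen = None, 0
    try:
        while True:
            kwargs = {"nextToken": token} if token else {}
            page = client.describe_jobs(**kwargs)
            seen += len(page.get("items", []))
            token = page.get("nextToken")
            if seen or not token:
                break  # one job is enough; stop paging early
    except Exception as exc:
        if error_code(exc) == "UninitializedAccountException":
            return "FAIL", f"DRS is not initialized in {region}"
        raise  # access denied or throttling must not be read as a finding
    if seen == 0:
        return "FAIL", f"DRS is initialized in {region} but has no jobs"
    return "PASS", f"DRS is initialized in {region} with at least one job"

class StubError(Exception):
    """Constructed error shaped like botocore's ClientError."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class StubDRS:
    """Constructed stand-in for a DRS client so the example runs offline."""
    def __init__(self, items=None, error=None):
        self.items, self.error = items or [], error
    def describe_jobs(self, **kwargs):
        if self.error:
            raise StubError(self.error)
        return {"items": self.items}

SAMPLE = {  # constructed Regions and job record, not real account data
    "us-east-1": StubDRS(items=[{"jobID": "drsjob-EXAMPLE", "type": "LAUNCH",
                                 "status": "COMPLETED"}]),
    "eu-west-1": StubDRS(),
    "ap-south-1": StubDRS(error="UninitializedAccountException"),
}

if __name__ == "__main__":
    for region, client in SAMPLE.items():
        print(region, *evaluate_region(client, region))
```

Errors other than `UninitializedAccountException` are re-raised so that a missing `drs:DescribeJobs` permission is not mistaken for a passing or failing Region.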
Resource Type
Other