Amazon Neptune DB clusters are evaluated for Multi-AZ deployment by checking whether the cluster has read-replica instances distributed across multiple Availability Zones.
A failing result indicates the cluster is deployed in a single AZ and lacks read-replicas that enable automatic promotion and cross-AZ failover.
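As an added example (not Prowler's own source code), the evaluation described above implemented over records shaped like the Neptune DescribeDBClusters and DescribeDBInstances responses; the cluster and instance data are constructed, and how Prowler itself derives the result is not shown on this page.

```python
from __future__ import annotations

# Added example, not Prowler's code: evaluates the condition described above on
# records shaped like the Neptune DescribeDBClusters / DescribeDBInstances
# responses (DBClusterMembers, IsClusterWriter, AvailabilityZone). Data is constructed.

def instance_azs(cluster: dict, instances: dict[str, dict]) -> tuple[str | None, set[str]]:
    """Return (writer AZ, set of read-replica AZs) for one cluster record."""
    writer_az = None
    replica_azs: set[str] = set()
    for member in cluster.get("DBClusterMembers", []):
        inst = instances.get(member["DBInstanceIdentifier"])
        if inst is None or not inst.get("AvailabilityZone"):
            continue  # instance not yet available; it provides no failover coverage
        if member.get("IsClusterWriter"):
            writer_az = inst["AvailabilityZone"]
        else:
            replica_azs.add(inst["AvailabilityZone"])
    return writer_az, replica_azs

def evaluate_cluster(cluster: dict, instances: dict[str, dict]) -> dict:
    """PASS only if at least one read replica sits in an AZ other than the writer's."""
    writer_az, replica_azs = instance_azs(cluster, instances)
    covered = {az for az in replica_azs if az != writer_az}
    status = "PASS" if covered else "FAIL"
    if status == "PASS":
        detail = f"read replicas in {sorted(covered)} cover writer AZ {writer_az}"
    elif not replica_azs:
        detail = "no read replicas; single-AZ deployment"
    else:
        detail = f"all read replicas share the writer AZ {writer_az}"
    return {"cluster": cluster["DBClusterIdentifier"], "status": status, "detail": detail}

# Constructed sample: no replicas, a same-AZ replica, and a cross-AZ replica.
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "graph-a", "DBClusterMembers": [
        {"DBInstanceIdentifier": "graph-a-1", "IsClusterWriter": True}]},
    {"DBClusterIdentifier": "graph-b", "DBClusterMembers": [
        {"DBInstanceIdentifier": "graph-b-1", "IsClusterWriter": True},
        {"DBInstanceIdentifier": "graph-b-2", "IsClusterWriter": False}]},
    {"DBClusterIdentifier": "graph-c", "DBClusterMembers": [
        {"DBInstanceIdentifier": "graph-c-1", "IsClusterWriter": True},
        {"DBInstanceIdentifier": "graph-c-2", "IsClusterWriter": False}]},
]
SAMPLE_INSTANCES = {
    "graph-a-1": {"AvailabilityZone": "us-east-1a"},
    "graph-b-1": {"AvailabilityZone": "us-east-1a"},
    "graph-b-2": {"AvailabilityZone": "us-east-1a"},
    "graph-c-1": {"AvailabilityZone": "us-east-1a"},
    "graph-c-2": {"AvailabilityZone": "us-east-1b"},
}

def run(clusters=SAMPLE_CLUSTERS, instances=SAMPLE_INSTANCES) -> dict[str, str]:
    """Map each cluster identifier to its PASS/FAIL status."""
    return {f["cluster"]: f["status"] for f in (evaluate_cluster(c, instances) for c in clusters)}
```

Running `run()` on the sample yields FAIL for graph-a and graph-b and PASS only for graph-c, whose replica is in a second AZ.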
Risk
Single-AZ deployment creates a single point of failure for availability.
- Availability: AZ outage or maintenance can cause prolonged downtime until the primary is rebuilt.
- Integrity/Recovery: Manual recovery increases risk of configuration errors and longer RTOs, impacting operations and compliance.
prowler aws --checks neptune_cluster_multi_az
Recommendation
Adopt a high availability deployment model for production Neptune clusters by placing read-replicas in separate Availability Zones to avoid single points of failure.
Regularly test automated failover and combine HA with robust backup and recovery practices as part of a defense-in-depth strategy.
Resource Type
AwsRdsDbCluster