Vendor services misconfigurations

Auto Scaling group (ASG) should cover multiple availability zones

Platform(s)
Compliance Frameworks
  • AWS Foundational Security Best Practices Controls
  • ,
  • CPRA
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • mpa
  • ,
  • NIST 800-53

Description

Auto Scaling group is a logical grouping of instances for the purposes of automatic scaling and management. Auto Scaling helps you to ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application. Amazon EC2 Auto Scaling groups can be configured to use multiple availability zones. An Auto Scaling group with a single availability zone is preferred in some use cases, such as batch-jobs or when inter-AZ transfer costs need to be kept to a minimum. However, an Auto Scaling group that does not span multiple availability zones will not launch instances in another availability zone to compensate if the configured single availability zone becomes unavailable. The control fails if an Auto Scaling group does not span multiple availability zones. It was detected that the Auto Scaling group {AwsAsg} does not span multiple availability zones.