Skip to main content

Check if Redshift Clusters Have Multi-AZ Enabled

Overview

This check verifies that Amazon Redshift provisioned RA3 clusters have Multi-AZ deployment enabled. Multi-AZ deploys your cluster's compute resources across two Availability Zones, providing a single endpoint for your applications while improving resilience against infrastructure failures.

Risk

Without Multi-AZ enabled, your Redshift cluster runs in a single Availability Zone. If that zone experiences an outage or your node fails, you face:

  • Service disruption: Dropped connections and aborted queries
  • Stalled workloads: ETL jobs and BI dashboards stop functioning
  • Longer recovery time: Manual intervention may be required to restore service
  • Potential SLA breaches: Downstream systems waiting on data may also fail

Enabling Multi-AZ provides automatic failover to a standby compute in another zone, minimizing downtime.

Remediation Steps

Prerequisites

  • AWS Console access with permissions to modify Redshift clusters
  • Your cluster must use an RA3 node type (ra3.xlplus, ra3.4xlarge, or ra3.16xlarge) - Multi-AZ is only available for RA3 clusters
  • Sufficient capacity in your account for the additional compute resources

AWS Console Method

  1. Open the Amazon Redshift console at https://console.aws.amazon.com/redshiftv2/
  2. In the navigation pane, choose Clusters
  3. Select the cluster you want to modify
  4. Choose Actions, then select Activate Multi-AZ
  5. Review the confirmation dialog and choose Activate
  6. Wait for the cluster status to show Available with Multi-AZ enabled

The activation process provisions standby compute in a second Availability Zone. This may take several minutes.

AWS CLI (optional)

Enable Multi-AZ on an existing Redshift cluster:

aws redshift modify-cluster \
    --cluster-identifier <your-cluster-identifier> \
    --multi-az \
    --region us-east-1

Replace <your-cluster-identifier> with your actual cluster identifier.

To disable Multi-AZ (not recommended):

aws redshift modify-cluster \
    --cluster-identifier <your-cluster-identifier> \
    --no-multi-az \
    --region us-east-1

Check the current Multi-AZ status of a cluster:

aws redshift describe-clusters \
    --cluster-identifier <your-cluster-identifier> \
    --query 'Clusters[0].MultiAZ' \
    --region us-east-1
CloudFormation (optional)

Use the MultiAZ property to enable Multi-AZ deployment:

AWSTemplateFormatVersion: '2010-09-09'
Description: Redshift cluster with Multi-AZ enabled

Resources:
  RedshiftCluster:
    Type: AWS::Redshift::Cluster
    Properties:
      ClusterIdentifier: my-redshift-cluster
      NodeType: ra3.xlplus
      MasterUsername: admin
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${RedshiftSecret}:SecretString:password}}'
      NumberOfNodes: 2
      ClusterType: multi-node
      DBName: mydb
      MultiAZ: true
      PubliclyAccessible: false
      Encrypted: true

  RedshiftSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: redshift-admin-password
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'

Key properties:

  • MultiAZ: true - Enables Multi-AZ deployment
  • NodeType - Must be an RA3 node type (ra3.xlplus, ra3.4xlarge, or ra3.16xlarge)
  • ClusterType: multi-node - Required for production workloads
Terraform (optional)

Use the multi_az argument to enable Multi-AZ deployment:

resource "aws_redshift_cluster" "example" {
  cluster_identifier = "my-redshift-cluster"
  database_name      = "mydb"
  master_username    = "admin"
  master_password    = var.redshift_master_password  # Use a variable or secrets manager

  node_type       = "ra3.xlplus"
  cluster_type    = "multi-node"
  number_of_nodes = 2

  # Enable Multi-AZ for high availability
  multi_az = true

  # Additional security settings
  encrypted  = true
  kms_key_id = aws_kms_key.redshift.arn

  publicly_accessible = false

  tags = {
    Environment = "production"
  }
}

# KMS key for encryption
resource "aws_kms_key" "redshift" {
  description             = "KMS key for Redshift cluster encryption"
  deletion_window_in_days = 30
  enable_key_rotation     = true
}

Key arguments:

  • multi_az = true - Enables Multi-AZ deployment
  • node_type - Must be an RA3 node type
  • cluster_type = "multi-node" - Required for production workloads

Verification

After enabling Multi-AZ, verify it is active:

  1. In the Amazon Redshift console, navigate to Clusters
  2. Select your cluster and view the Configuration tab
  3. Confirm that Multi-AZ shows as Enabled
CLI verification
aws redshift describe-clusters \
    --cluster-identifier <your-cluster-identifier> \
    --query 'Clusters[0].{ClusterId:ClusterIdentifier, MultiAZ:MultiAZ, Status:ClusterStatus}' \
    --output table \
    --region us-east-1

Expected output should show MultiAZ: True.

Additional Resources

Notes

  • RA3 node type required: Multi-AZ is only available for clusters using RA3 node types. If your cluster uses DC2 or other node types, you must first migrate to RA3.
  • Cost implications: Multi-AZ roughly doubles your compute costs since standby compute is provisioned in a second Availability Zone. Storage costs remain the same as Redshift Managed Storage is already resilient.
  • No application changes needed: Multi-AZ uses a single endpoint, so your applications do not need modification.
  • Automatic failover: In the event of a failure, Redshift automatically fails over to the standby compute. Some in-flight queries may need to be retried.
  • Test failover: Consider testing failover scenarios periodically to validate your application's retry logic handles brief interruptions gracefully.