REL13-BP04 Manage configuration drift at the DR site or Region
Ensure that the infrastructure, data, and configuration are as needed at the DR site or Region. For example, check that AMIs and service quotas are up to date.
AWS Config continuously monitors and records your AWS resource configurations. It can detect drift and invoke AWS Systems Manager Automation to fix it and raise alarms. AWS CloudFormation can additionally detect drift in stacks you have deployed.
Common anti-patterns:
-
Failing to make updates in your recovery locations, when you make configuration or infrastructure changes in your primary locations.
-
Not considering potential limitations (like service differences) in your primary and recovery locations.
Benefits of establishing this best practice: Ensuring that your DR environment is consistent with your existing environment guarantees complete recovery.
Level of risk exposed if this best practice is not established: Medium
Implementation guidance
-
Ensure that your delivery pipelines deliver to both your primary and backup sites. Delivery pipelines for deploying applications into production must distribute to all the specified disaster recovery strategy locations, including dev and test environments.
Permit AWS Config to track potential drift locations. Use AWS Config rules to create systems that enforce your disaster recovery strategies and generate alerts when they detect drift.
Use AWS CloudFormation to deploy your infrastructure. AWS CloudFormation can detect drift between what your CloudFormation templates specify and what is actually deployed.
Resources
Related documents:
Related videos: