This rule checks whether the VPC connected to the transit router is configured with two vSwitches in different zones, which ensures high availability of cross-zone services. If this configuration exists, the evaluation result is considered compliant.
Scenarios
When an enterprise configures two vSwitches in different zones for a VPC connection to a transit router, it ensures high availability of network connectivity and business continuity if a single zone fails. In this case, the evaluation result is considered compliant. The default risk level is high.
Risk level
Default risk level: high.
You can change the risk level as needed.
Detection logic
This rule checks whether the VPC connected to the transit router is configured with two vSwitches in different zones, which ensures high availability of cross-zone services. If this configuration exists, the evaluation result is considered compliant.
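The check described above can be reproduced offline against exported attachment records. The following is an added example, not the rule's own implementation; the field names `ZoneMappings`, `ZoneId`, `VSwitchId` and `TransitRouterAttachmentId` are assumptions about the record layout, and the sample records are constructed.

```python
from __future__ import annotations
from typing import Any


def evaluate_attachment(attachment: dict[str, Any]) -> dict[str, str]:
    """Evaluate one ACS::CEN::TransitRouterVpcAttachment record.

    Field names are assumptions about the exported record layout.
    """
    zones: dict[str, set[str]] = {}
    for mapping in attachment.get("ZoneMappings") or []:
        zone, vswitch = mapping.get("ZoneId"), mapping.get("VSwitchId")
        if zone and vswitch:  # skip incomplete entries
            zones.setdefault(zone, set()).add(vswitch)
    if len(zones) >= 2:
        verdict = "COMPLIANT"
        reason = "vSwitches span zones " + ", ".join(sorted(zones))
    elif len(zones) == 1:
        # Several vSwitches in a single zone still fail with that zone.
        only = next(iter(zones))
        verdict = "NON_COMPLIANT"
        reason = f"all {len(zones[only])} vSwitch(es) are in zone {only}"
    else:
        verdict = "NON_COMPLIANT"
        reason = "no usable zone mapping found"
    return {
        "resource": attachment.get("TransitRouterAttachmentId", "<unknown>"),
        "verdict": verdict,
        "reason": reason,
    }


def evaluate_all(attachments: list[dict[str, Any]]) -> list[dict[str, str]]:
    return [evaluate_attachment(a) for a in attachments]


# Constructed sample records; the identifiers are placeholders.
SAMPLE_ATTACHMENTS = [
    {"TransitRouterAttachmentId": "tr-attach-example-1", "ZoneMappings": [
        {"ZoneId": "zone-a", "VSwitchId": "vsw-example-1"},
        {"ZoneId": "zone-b", "VSwitchId": "vsw-example-2"}]},
    {"TransitRouterAttachmentId": "tr-attach-example-2", "ZoneMappings": [
        {"ZoneId": "zone-a", "VSwitchId": "vsw-example-3"},
        {"ZoneId": "zone-a", "VSwitchId": "vsw-example-4"}]},
    {"TransitRouterAttachmentId": "tr-attach-example-3", "ZoneMappings": []},
]

if __name__ == "__main__":
    for result in evaluate_all(SAMPLE_ATTACHMENTS):
        print(result["resource"], result["verdict"], "-", result["reason"])
```

The second sample record shows the case a simple vSwitch count would miss: two vSwitches are attached, but both sit in the same zone.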
Rule details
| Parameter | Description |
| --- | --- |
| Rule name | Configure multiple zones for a VPC connection to a transit router |
| Rule identifier | |
| Automatic remediation | Not supported |
| Rule trigger | Configuration change |
| Supported resource types | ACS::CEN::TransitRouterVpcAttachment |
| Input parameters | None |
Remediation guidance
For more information, see Create a VPC connection.