Profile Applicability:
Level 1
Description:
This control ensures that Amazon Virtual Private Clouds (VPCs) are provisioned across multiple AWS regions to support high availability, disaster recovery, and compliance requirements. Having VPCs in multiple regions enables organizations to maintain operations even if one region experiences an outage or service disruption. It also helps in meeting business continuity and regulatory compliance objectives.
Rationale:
Deploying VPCs in multiple AWS regions provides geographical redundancy, minimizes the risk of single-region dependency, and ensures business continuity during regional outages. It also enables better latency management by placing workloads closer to end users and facilitates compliance with data residency requirements in specific jurisdictions.
Impact:
Positive Impact:
Increases fault tolerance and disaster recovery capability.
Enables geographic redundancy for mission-critical applications.
Supports compliance with regional data residency laws.
Negative Impact:
Increased management complexity and operational cost, since each region needs its own subnets, route tables, and gateways (per-region NAT gateways and any cross-region peering or replication traffic are billed separately).
Default Value:
A VPC is a regional resource; AWS does not replicate a VPC or its subnets, route tables, and gateways to other regions. Note, however, that AWS automatically creates a default VPC (172.31.0.0/16) in every region enabled for the account, so the mere presence of a VPC in a region does not show that a multi-region architecture has been deliberately provisioned.
Pre-Requisite:
IAM permissions required: ec2:DescribeRegions, ec2:DescribeVpcs, ec2:CreateVpc (and ec2:DeleteVpc for the backout plan).
Knowledge of your organization’s regional architecture and DR strategy.
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to the VPC Dashboard.
In the left panel, select “Your VPCs.”
Review the list of VPCs in the current region.
Switch regions from the console dropdown menu in the top right corner.
Verify that at least one non-default VPC (the “Default VPC” column shows “No”) exists in each of the regions your DR strategy requires (e.g., us-east-1, eu-west-1, ap-south-1). Do not count the AWS-created default VPC as evidence of a deliberate multi-region deployment.
If a required region lacks a non-default VPC, follow the implementation plan to create one.
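The console procedure above has to be repeated once per region. The following script is an added example (not part of the benchmark text) that performs the same audit programmatically: it gathers DescribeVpcs output for every enabled region and then evaluates it, counting only non-default VPCs so that the AWS-created default VPC in each region does not make the control pass trivially. It also flags regional VPCs whose CIDR blocks overlap, because overlapping ranges cannot later be joined by VPC peering or a transit gateway. The MIN_REGIONS threshold of 2 is an assumption (the control text only says “multiple”), and the SAMPLE data is constructed to mirror the shape of DescribeVpcs output, not real account data. The live collector needs boto3 and the ec2:DescribeRegions and ec2:DescribeVpcs permissions listed under Pre-Requisite.

```python
"""Audit helper for the multi-region VPC control.

Added example, not part of the benchmark text. evaluate() and
overlapping_cidrs() are pure functions over DescribeVpcs-shaped data and
run offline; collect() is the live boto3 collector.
"""
import ipaddress

# Assumption: the control text says "multiple" regions; we treat two
# regions with a deliberately provisioned VPC as the minimum.
MIN_REGIONS = 2


def evaluate(vpcs_by_region, min_regions=MIN_REGIONS):
    """Classify regions and return a pass/fail verdict.

    vpcs_by_region: {region_name: [vpc dicts as returned by DescribeVpcs]}.
    Default VPCs are ignored because AWS creates one in every enabled
    region automatically, so counting them would make the control pass
    for any account regardless of its DR design.
    """
    provisioned = {}   # region -> ids of non-default, available VPCs
    default_only = []  # regions that carry nothing but the default VPC
    empty = []         # regions with no VPC at all
    for region, vpcs in sorted(vpcs_by_region.items()):
        custom = [
            v["VpcId"] for v in vpcs
            if not v.get("IsDefault", False) and v.get("State") == "available"
        ]
        if custom:
            provisioned[region] = custom
        elif vpcs:
            default_only.append(region)
        else:
            empty.append(region)
    return {
        "compliant": len(provisioned) >= min_regions,
        "provisioned_regions": provisioned,
        "default_only_regions": default_only,
        "empty_regions": empty,
    }


def overlapping_cidrs(vpcs_by_region):
    """Return (vpc_id, vpc_id) pairs of non-default VPCs in different
    regions whose CIDR blocks overlap. Overlap does not fail the control,
    but it blocks later VPC peering / transit gateway routing between the
    regional copies, so it is worth surfacing in the audit report."""
    nets = []
    for region, vpcs in vpcs_by_region.items():
        for v in vpcs:
            if not v.get("IsDefault", False):
                nets.append((region, v["VpcId"], ipaddress.ip_network(v["CidrBlock"])))
    clashes = []
    for i, (r1, id1, n1) in enumerate(nets):
        for r2, id2, n2 in nets[i + 1:]:
            if r1 != r2 and n1.overlaps(n2):
                clashes.append((id1, id2))
    return clashes


def collect(session=None):
    """Live collector (needs boto3 plus ec2:DescribeRegions / ec2:DescribeVpcs).
    boto3 is imported lazily so the evaluation functions stay usable offline."""
    import boto3
    session = session or boto3.Session()
    ec2 = session.client("ec2", region_name="us-east-1")
    # Only regions enabled for this account: querying a non-enabled
    # opt-in region fails with an authorization error.
    regions = [r["RegionName"] for r in ec2.describe_regions(AllRegions=False)["Regions"]]
    result = {}
    for region in regions:
        client = session.client("ec2", region_name=region)
        vpcs = []
        for page in client.get_paginator("describe_vpcs").paginate():
            vpcs.extend(page["Vpcs"])
        result[region] = vpcs
    return result


# Constructed sample in the shape of DescribeVpcs output (not real data):
# us-east-1 and eu-west-1 carry a deliberately created VPC, ap-south-1 has
# only the AWS default VPC, ca-central-1 has none.
SAMPLE = {
    "us-east-1": [
        {"VpcId": "vpc-0aaa", "IsDefault": True, "State": "available", "CidrBlock": "172.31.0.0/16"},
        {"VpcId": "vpc-0bbb", "IsDefault": False, "State": "available", "CidrBlock": "10.10.0.0/16"},
    ],
    "eu-west-1": [
        {"VpcId": "vpc-0ccc", "IsDefault": False, "State": "available", "CidrBlock": "10.20.0.0/16"},
    ],
    "ap-south-1": [
        {"VpcId": "vpc-0ddd", "IsDefault": True, "State": "available", "CidrBlock": "172.31.0.0/16"},
    ],
    "ca-central-1": [],
}

if __name__ == "__main__":
    import json
    report = evaluate(SAMPLE)
    report["overlapping_cidrs"] = overlapping_cidrs(SAMPLE)
    print(json.dumps(report, indent=2))
```

To run it against a real account, replace `SAMPLE` with `collect()`; the report lists which regions hold a deliberately provisioned VPC, which only hold the default VPC (candidates for the implementation plan, or for deletion of the unused default VPC), and any CIDR clashes to fix before the regional VPCs are connected.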
Implementation Plan:
Using AWS Console:
Sign in to the AWS Management Console.
From the top navigation bar, select a new AWS region where a VPC is not present.
Navigate to VPC → Your VPCs → Create VPC.
Choose “VPC only” or “VPC and more” (to include subnets, route tables, and gateways).
Specify a CIDR block that does not overlap with the VPCs in your other regions (e.g., 10.10.0.0/16 in one region and 10.20.0.0/16 in the next), so the regional VPCs can later be connected by VPC peering or a transit gateway, and assign a name tag.
Configure additional components such as subnets, internet gateway, and NAT gateway if needed.
Click “Create VPC.”
Repeat these steps in all regions required for redundancy and disaster recovery.
Backout Plan:
If a VPC was created in error or not required in a specific region, delete it from the AWS Management Console by navigating to VPC → Your VPCs → Select VPC → Actions → Delete VPC.
Before confirming deletion, ensure no dependent resources (instances, NAT gateways, load balancers, or other resources with network interfaces in the VPC) remain; AWS will refuse to delete a VPC that still contains them.
References: