FSx for OpenZFS file systems should be configured for Multi-AZ deployment¶

This control checks whether an Amazon FSx for OpenZFS file system is configured to use the multiple Availability Zones (Multi-AZ) deployment type. The control fails if the file system isn't configured to use the Multi-AZ deployment type.

How to fix¶

Attribute deployment_type of aws_fsx_openzfs_file_system must be non-empty.

Implementation options¶

Choose the option that matches how you manage Terraform. All options satisfy this control.

Option 1: Open source module (terraform-aws-modules)¶

If you use terraform-aws-modules/fsx/aws//modules/openzfs, configure the required module inputs to satisfy this control. You can later migrate to the compliance.tf module with minimal changes because it is compatible by design.

module "fsx" {
  source  = "terraform-aws-modules/fsx/aws//modules/openzfs"
  version = "~>1.3"

  deployment_type     = "SINGLE_AZ_1"
  name                = "abc123"
  storage_capacity    = 64
  subnet_ids          = ["subnet-abc123"]
  throughput_capacity = 64
}

Option 2: Terraform AWS provider resources¶

If you manage resources directly, configure the relevant Terraform AWS provider resources to meet this control. See docs for the resources involved: aws_fsx_openzfs_file_system.

resource "aws_fsx_openzfs_file_system" "this" {
  copy_tags_to_backups = true
  copy_tags_to_volumes = true
  deployment_type      = "MULTI_AZ_1"
  storage_capacity     = 64
  subnet_ids           = ["subnet-abc123", "subnet-def456"]
  throughput_capacity  = 160
}

Tool mappings¶

Use these identifiers to cross-reference this control across tools, reports, and evidence.

• Compliance.tf (CTF) Control: fsx_openzfs_file_system_multi_az_deployment_enabled

• Powerpipe Control: aws_compliance.control.fsx_openzfs_file_system_multi_az_deployment_enabled