AWS simulate killing an Availability Zone

Austin Cunningham
1 min read · Oct 2, 2020

At some stage in the development of a high-availability application, you will want to test what happens when an Availability Zone (AZ) goes down in AWS.

Disabling AZ

Blocking all network traffic to the AZ seems the best way to simulate this. The method I used was to change the network ACL for all the subnets in an AZ to a new ACL. When the AWS CLI creates a new ACL, it denies all traffic by default.

As I have multiple VPCs, I needed to create a different ACL for each VPC.

I then created a function that takes the lists of NetworkAclAssociationId and NetworkAclId and changes the ACL association.

At this point I have disabled all traffic to a particular AZ, and I can now check whether resources are redistributed as expected and there is no downtime.

Re-enabling again

It takes a few extra steps to re-enable the AZ.

That’s it, all traffic should be restored to the original configuration.
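
The disable and re-enable steps described above, sketched as an added example (not the author's original code). It assumes `ec2` is a boto3 EC2 client and that one empty, deny-all ACL per VPC already exists. The function names and all ids are hypothetical.

```python
# Added example, not the author's code. Inputs mirror the JSON shapes of
# `aws ec2 describe-subnets` and `aws ec2 describe-network-acls`.

def plan_blackout(subnets, network_acls, az, deny_acl_by_vpc):
    """Return [(subnet_id, association_id, original_acl_id, deny_acl_id)] for `az`."""
    vpc_of = {s["SubnetId"]: s["VpcId"] for s in subnets
              if s["AvailabilityZone"] == az}
    plan = []
    for acl in network_acls:
        for assoc in acl["Associations"]:
            vpc = vpc_of.get(assoc["SubnetId"])
            if vpc is None:
                continue  # subnet lives in another AZ, leave it alone
            deny = deny_acl_by_vpc[vpc]  # KeyError: no deny-all ACL for this VPC
            if acl["NetworkAclId"] != deny:  # skip subnets that are already blocked
                plan.append((assoc["SubnetId"], assoc["NetworkAclAssociationId"],
                             acl["NetworkAclId"], deny))
    return plan

def block_az(ec2, plan):
    """Apply the plan; return rollback data [(new_association_id, original_acl_id)]."""
    rollback = []
    for _subnet, assoc_id, original_acl, deny_acl in plan:
        resp = ec2.replace_network_acl_association(
            AssociationId=assoc_id, NetworkAclId=deny_acl)
        # The call returns a new association id; restoring must use that one.
        rollback.append((resp["NewAssociationId"], original_acl))
    return rollback

def restore_az(ec2, rollback):
    """Re-associate every subnet with the ACL it had before the test."""
    for assoc_id, original_acl in rollback:
        ec2.replace_network_acl_association(
            AssociationId=assoc_id, NetworkAclId=original_acl)

# Constructed sample data (made-up ids): two VPCs, one subnet each in eu-west-1a.
SUBNETS = [
    {"SubnetId": "subnet-a1", "VpcId": "vpc-1", "AvailabilityZone": "eu-west-1a"},
    {"SubnetId": "subnet-b1", "VpcId": "vpc-1", "AvailabilityZone": "eu-west-1b"},
    {"SubnetId": "subnet-a2", "VpcId": "vpc-2", "AvailabilityZone": "eu-west-1a"},
]
ACLS = [
    {"NetworkAclId": "acl-main1", "Associations": [
        {"NetworkAclAssociationId": "aclassoc-01", "SubnetId": "subnet-a1"},
        {"NetworkAclAssociationId": "aclassoc-02", "SubnetId": "subnet-b1"}]},
    {"NetworkAclId": "acl-main2", "Associations": [
        {"NetworkAclAssociationId": "aclassoc-03", "SubnetId": "subnet-a2"}]},
]
DENY = {"vpc-1": "acl-deny1", "vpc-2": "acl-deny2"}
```

Persist the list returned by `block_az` (for example to a file) before starting the test, since it is the only record of which ACL each subnet had originally.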
