Ensure Alibaba Cloud RDS log audit is enabled
Error: Alibaba Cloud RDS log audit is disabled
Bridgecrew Policy ID: BC_ALI_GENERAL_14
Checkov Check ID: CKV_ALI_38
Severity: LOW
Alibaba Cloud RDS log audit is disabled
Description
It is recommended to have a proper logging process for Alibaba Cloud RDS in order to detect anomalous configuration activity It is used to track configuration changes conducted manually and programmatically and trace back unapproved changes.
Fix - Runtime
Fix - Buildtime
Terraform
resource "alicloud_log_audit" "pass" {
display_name = "tf-audit-test"
aliuid = "12345678"
variable_map = {
"actiontrail_enabled" = "true",
"actiontrail_ttl" = "180",
"actiontrail_ti_enabled" = "true",
"oss_access_enabled" = "true",
"oss_access_ttl" = "7",
"oss_sync_enabled" = "true",
"oss_sync_ttl" = "180",
"oss_access_ti_enabled" = "true",
"oss_metering_enabled" = "true",
"oss_metering_ttl" = "180",
"rds_enabled" = "true",
"rds_audit_collection_policy" = "",
"rds_ttl" = "180",
"rds_ti_enabled" = "true",
"rds_slow_enabled" = "true",
"rds_slow_collection_policy" = "",
"rds_slow_ttl" = "180",
"rds_perf_enabled" = "true",
"rds_perf_collection_policy" = "",
"rds_perf_ttl" = "180",
"vpc_flow_enabled" = "true",
"vpc_flow_ttl" = "7",
"vpc_flow_collection_policy" = "",
"vpc_sync_enabled" = "true",
"vpc_sync_ttl" = "180",
"polardb_enabled" = "true",
"polardb_audit_collection_policy" = "",
"polardb_ttl" = "180",
"polardb_ti_enabled" = "true",
"polardb_slow_enabled" = "true",
"polardb_slow_collection_policy" = "",
"polardb_slow_ttl" = "180",
"polardb_perf_enabled" = "true",
"polardb_perf_collection_policy" = "",
"polardb_perf_ttl" = "180",
"drds_audit_enabled" = "true",
"drds_audit_collection_policy" = "",
"drds_audit_ttl" = "7",
"drds_sync_enabled" = "true",
"drds_sync_ttl" = "180",
"drds_audit_ti_enabled" = "true",
"slb_access_enabled" = "true",
"slb_access_collection_policy" = "",
"slb_access_ttl" = "7",
"slb_sync_enabled" = "true",
"slb_sync_ttl" = "180",
"slb_access_ti_enabled" = "true",
"bastion_enabled" = "true",
"bastion_ttl" = "180",
"bastion_ti_enabled" = "true",
"waf_enabled" = "true",
"waf_ttl" = "180",
"waf_ti_enabled" = "true",
"cloudfirewall_enabled" = "true",
"cloudfirewall_ttl" = "180",
"cloudfirewall_ti_enabled" = "true",
"ddos_coo_access_enabled" = "true",
"ddos_coo_access_ttl" = "180",
"ddos_coo_access_ti_enabled" = "true",
"ddos_bgp_access_enabled" = "true",
"ddos_bgp_access_ttl" = "180",
"ddos_dip_access_enabled" = "true",
"ddos_dip_access_ttl" = "180",
"ddos_dip_access_ti_enabled" = "true",
"sas_crack_enabled" = "true",
"sas_dns_enabled" = "true",
"sas_http_enabled" = "true",
"sas_local_dns_enabled" = "true",
"sas_login_enabled" = "true",
"sas_network_enabled" = "true",
"sas_process_enabled" = "true",
"sas_security_alert_enabled" = "true",
"sas_security_hc_enabled" = "true",
"sas_security_vul_enabled" = "true",
"sas_session_enabled" = "true",
"sas_snapshot_account_enabled" = "true",
"sas_snapshot_port_enabled" = "true",
"sas_snapshot_process_enabled" = "true",
"sas_ttl" = "180",
"sas_ti_enabled" = "true",
"apigateway_enabled" = "true",
"apigateway_ttl" = "180",
"apigateway_ti_enabled" = "true",
"nas_enabled" = "true",
"nas_ttl" = "180",
"nas_ti_enabled" = "true",
"appconnect_enabled" = "true",
"appconnect_ttl" = "180",
"cps_enabled" = "true",
"cps_ttl" = "180",
"cps_ti_enabled" = "true",
"k8s_audit_enabled" = "true",
"k8s_audit_collection_policy" = "",
"k8s_audit_ttl" = "180",
"k8s_event_enabled" = "true",
"k8s_event_collection_policy" = "",
"k8s_event_ttl" = "180",
"k8s_ingress_enabled" = "true",
"k8s_ingress_collection_policy" = "",
"k8s_ingress_ttl" = "180"
}
}
Updated 5 months ago