Ensure Alibaba Cloud RDS log audit is enabled

Error: Alibaba Cloud RDS log audit is disabled

Bridgecrew Policy ID: BC_ALI_GENERAL_14
Checkov Check ID: CKV_ALI_38
Severity: LOW

Alibaba Cloud RDS log audit is disabled

Description

It is recommended to have a proper logging process for Alibaba Cloud RDS in order to detect anomalous configuration activity. The audit log is used to track configuration changes made manually or programmatically and to trace back unapproved changes.

Fix - Runtime

Fix - Buildtime

Terraform

# Passing example for CKV_ALI_38: an alicloud_log_audit resource whose variable_map
# turns RDS audit log collection on ("rds_enabled" = "true").
# Several *_ttl values in this sample are "7" rather than "180"; choose retention
# deliberately for each log source instead of copying the sample values.
resource "alicloud_log_audit" "pass" {
  display_name = "tf-audit-test"
  # Sample account ID; replace with the Alibaba Cloud account UID that owns the audit.
  aliuid       = "12345678"
  # Per-product collection switches and settings; every value is passed as a string.
  variable_map = {
    "actiontrail_enabled"             = "true",
    "actiontrail_ttl"                 = "180",
    "actiontrail_ti_enabled"          = "true",
    "oss_access_enabled"              = "true",
    "oss_access_ttl"                  = "7",
    "oss_sync_enabled"                = "true",
    "oss_sync_ttl"                    = "180",
    "oss_access_ti_enabled"           = "true",
    "oss_metering_enabled"            = "true",
    "oss_metering_ttl"                = "180",
    # RDS audit log collection: the setting this policy (CKV_ALI_38) is about.
    "rds_enabled"                     = "true",
    # Empty collection policy: presumably no filter on which instances are collected; confirm.
    "rds_audit_collection_policy"     = "",
    # Retention for the collected RDS audit logs (unit presumably days; confirm against the provider docs).
    "rds_ttl"                         = "180",
    # NOTE(review): "ti" presumably means threat-intelligence matching on these logs; confirm.
    "rds_ti_enabled"                  = "true",
    # Going by their names, the RDS slow and perf entries are separate switches from the audit log above.
    "rds_slow_enabled"                = "true",
    "rds_slow_collection_policy"      = "",
    "rds_slow_ttl"                    = "180",
    "rds_perf_enabled"                = "true",
    "rds_perf_collection_policy"      = "",
    "rds_perf_ttl"                    = "180",
    "vpc_flow_enabled"                = "true",
    "vpc_flow_ttl"                    = "7",
    "vpc_flow_collection_policy"      = "",
    "vpc_sync_enabled"                = "true",
    "vpc_sync_ttl"                    = "180",
    "polardb_enabled"                 = "true",
    "polardb_audit_collection_policy" = "",
    "polardb_ttl"                     = "180",
    "polardb_ti_enabled"              = "true",
    "polardb_slow_enabled"            = "true",
    "polardb_slow_collection_policy"  = "",
    "polardb_slow_ttl"                = "180",
    "polardb_perf_enabled"            = "true",
    "polardb_perf_collection_policy"  = "",
    "polardb_perf_ttl"                = "180",
    "drds_audit_enabled"              = "true",
    "drds_audit_collection_policy"    = "",
    "drds_audit_ttl"                  = "7",
    "drds_sync_enabled"               = "true",
    "drds_sync_ttl"                   = "180",
    "drds_audit_ti_enabled"           = "true",
    "slb_access_enabled"              = "true",
    "slb_access_collection_policy"    = "",
    "slb_access_ttl"                  = "7",
    "slb_sync_enabled"                = "true",
    "slb_sync_ttl"                    = "180",
    "slb_access_ti_enabled"           = "true",
    "bastion_enabled"                 = "true",
    "bastion_ttl"                     = "180",
    "bastion_ti_enabled"              = "true",
    "waf_enabled"                     = "true",
    "waf_ttl"                         = "180",
    "waf_ti_enabled"                  = "true",
    "cloudfirewall_enabled"           = "true",
    "cloudfirewall_ttl"               = "180",
    "cloudfirewall_ti_enabled"        = "true",
    "ddos_coo_access_enabled"         = "true",
    "ddos_coo_access_ttl"             = "180",
    "ddos_coo_access_ti_enabled"      = "true",
    "ddos_bgp_access_enabled"         = "true",
    "ddos_bgp_access_ttl"             = "180",
    "ddos_dip_access_enabled"         = "true",
    "ddos_dip_access_ttl"             = "180",
    "ddos_dip_access_ti_enabled"      = "true",
    "sas_crack_enabled"               = "true",
    "sas_dns_enabled"                 = "true",
    "sas_http_enabled"                = "true",
    "sas_local_dns_enabled"           = "true",
    "sas_login_enabled"               = "true",
    "sas_network_enabled"             = "true",
    "sas_process_enabled"             = "true",
    "sas_security_alert_enabled"      = "true",
    "sas_security_hc_enabled"         = "true",
    "sas_security_vul_enabled"        = "true",
    "sas_session_enabled"             = "true",
    "sas_snapshot_account_enabled"    = "true",
    "sas_snapshot_port_enabled"       = "true",
    "sas_snapshot_process_enabled"    = "true",
    "sas_ttl"                         = "180",
    "sas_ti_enabled"                  = "true",
    "apigateway_enabled"              = "true",
    "apigateway_ttl"                  = "180",
    "apigateway_ti_enabled"           = "true",
    "nas_enabled"                     = "true",
    "nas_ttl"                         = "180",
    "nas_ti_enabled"                  = "true",
    "appconnect_enabled"              = "true",
    "appconnect_ttl"                  = "180",
    "cps_enabled"                     = "true",
    "cps_ttl"                         = "180",
    "cps_ti_enabled"                  = "true",
    "k8s_audit_enabled"               = "true",
    "k8s_audit_collection_policy"     = "",
    "k8s_audit_ttl"                   = "180",
    "k8s_event_enabled"               = "true",
    "k8s_event_collection_policy"     = "",
    "k8s_event_ttl"                   = "180",
    "k8s_ingress_enabled"             = "true",
    "k8s_ingress_collection_policy"   = "",
    "k8s_ingress_ttl"                 = "180"
  }
}