Ensure DocDB has audit logs enabled

Error: DocDB does not have audit logs enabled

Bridgecrew Policy ID: BC_AWS_GENERAL_74
Checkov Check ID: CKV_AWS_104
Severity: LOW

Description

TBD

Fix - Buildtime

Terraform

  • Resource: aws_docdb_cluster_parameter_group
  • Argument: parameter.audit_logs
resource "aws_docdb_cluster_parameter_group" "test" {
   ...
+  parameter {
+    name  = "audit_logs"
+    value = "enabled"
+  }
}

CloudFormation

  • Resource: AWS::DocDB::DBClusterParameterGroup
  • Argument: Parameters.audit_logs
Resources:
    DocDBParameterGroupEnabled:
        Type: "AWS::DocDB::DBClusterParameterGroup"
        Properties:
            ...
+           Parameters:
+               audit_logs: "enabled"
            ...
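
The same condition as a standalone Python function, added here as an example and not Checkov's or Bridgecrew's own implementation: it walks a CloudFormation template that has already been parsed into a dict and reports every AWS::DocDB::DBClusterParameterGroup that does not set audit_logs to "enabled". The function name, the sample template and its logical IDs are constructed for illustration.

```python
# Added example, not Checkov's code: a minimal re-creation of the check
# described on this page, run against a constructed template.
RESOURCE_TYPE = "AWS::DocDB::DBClusterParameterGroup"
PASSING_VALUES = {"enabled"}  # the value this page prescribes


def find_unaudited_parameter_groups(template):
    """Return sorted logical IDs of DocDB parameter groups failing the check."""
    failing = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != RESOURCE_TYPE:
            continue
        properties = resource.get("Properties") or {}
        parameters = properties.get("Parameters")
        # A missing Parameters block, a missing audit_logs key, or a value
        # that is an unresolved intrinsic (e.g. {"Ref": ...}) cannot be
        # confirmed as enabled from the template alone, so it fails.
        value = parameters.get("audit_logs") if isinstance(parameters, dict) else None
        if not (isinstance(value, str) and value in PASSING_VALUES):
            failing.append(logical_id)
    return sorted(failing)


def _group(parameters=None):
    """Build a constructed parameter-group resource for the sample template."""
    properties = {"Family": "docdb4.0", "Description": "constructed sample"}
    if parameters is not None:
        properties["Parameters"] = parameters
    return {"Type": RESOURCE_TYPE, "Properties": properties}


# Constructed sample input covering the pass case and four ways to fail.
SAMPLE_TEMPLATE = {
    "Resources": {
        "GroupEnabled": _group({"audit_logs": "enabled"}),
        "GroupDisabled": _group({"audit_logs": "disabled"}),
        "GroupNoAuditParam": _group({"tls": "enabled"}),
        "GroupNoParameters": _group(),
        "GroupFromRef": _group({"audit_logs": {"Ref": "AuditSetting"}}),
        "Unrelated": {"Type": "AWS::S3::Bucket"},
    }
}

if __name__ == "__main__":
    for logical_id in find_unaudited_parameter_groups(SAMPLE_TEMPLATE):
        print(f"FAILED CKV_AWS_104: {logical_id}")
```

The parameter only switches auditing on; for the events to reach CloudWatch Logs, the cluster itself must also export the `audit` log type (`enabled_cloudwatch_logs_exports` on `aws_docdb_cluster` in Terraform).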