Ensure DocDB has audit logs enabled
Error: DocDB does not have audit logs enabled
Bridgecrew Policy ID: BC_AWS_GENERAL_74
Checkov Check ID: CKV_AWS_104
Severity: LOW
Description
Enabling audit logs for Amazon DocumentDB (DocDB) lets you monitor and track activity within your DocDB cluster. Audit logs provide a record of database activity, including details of the activity itself (e.g., which database was accessed and what type of operation was performed) as well as information about the user or application that initiated it.
Fix - Buildtime
Terraform
- Resource: aws_docdb_cluster_parameter_group
- Argument: parameter.audit_logs
resource "aws_docdb_cluster_parameter_group" "test" {
  ...
+ parameter {
+   name  = "audit_logs"
+   value = "enabled"
+ }
}
CloudFormation
- Resource: AWS::DocDB::DBClusterParameterGroup
- Argument: Parameters.audit_logs
Resources:
  DocDBParameterGroupEnabled:
    Type: "AWS::DocDB::DBClusterParameterGroup"
    Properties:
      ...
+     Parameters:
+       audit_logs: "enabled"
      ...
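To make the pass/fail logic behind this policy concrete for both the Terraform and the CloudFormation fixes above, here is an added Python illustration (not Checkov's or Bridgecrew's own code) that evaluates parsed resource definitions the way the check describes: a cluster parameter group passes only when it carries a parameter named "audit_logs" whose value is "enabled"; a missing parameter, a value of "disabled" or a misspelled name all fail. The sample resource bodies and the JSON template are constructed for the example. The hcl2-style one-element-list shape assumed for Terraform attributes and the companion cluster check on enabled_cloudwatch_logs_exports go beyond what this page shows; the latter matters because the parameter-group setting only produces records once the aws_docdb_cluster also exports the "audit" log type to CloudWatch Logs.

```python
"""Evaluate the DocDB audit-log policy against parsed IaC resources.

Added illustration, not Checkov's or Bridgecrew's own implementation.
A DocDB cluster parameter group passes only when it has a parameter
named "audit_logs" set to "enabled"; anything else is reported as
"DocDB does not have audit logs enabled".
"""
import json
from typing import Any, Dict

PASSED = "PASSED"
FAILED = "FAILED"
AUDIT_PARAM = "audit_logs"


def _scalar(value: Any) -> Any:
    # Assumption: hcl2-style parsers wrap scalar attributes in one-element
    # lists (e.g. {"name": ["audit_logs"]}); unwrap so both shapes work.
    if isinstance(value, list) and len(value) == 1:
        return value[0]
    return value


def _enabled(value: Any) -> bool:
    # DocDB accepts the literal strings "enabled"/"disabled"; tolerate
    # case and whitespace differences but require the exact word.
    return str(_scalar(value)).strip().lower() == "enabled"


def check_terraform_parameter_group(conf: Dict[str, Any]) -> str:
    """conf: parsed body of an aws_docdb_cluster_parameter_group resource."""
    blocks = conf.get("parameter", [])
    if isinstance(blocks, dict):  # a single parameter block
        blocks = [blocks]
    for block in blocks:
        if _scalar(block.get("name")) == AUDIT_PARAM:
            return PASSED if _enabled(block.get("value")) else FAILED
    return FAILED  # no audit_logs parameter at all


def terraform_cluster_exports_audit(conf: Dict[str, Any]) -> bool:
    """Companion check on an aws_docdb_cluster body: audit records only
    reach CloudWatch Logs when "audit" is listed in
    enabled_cloudwatch_logs_exports (beyond the page's own check)."""
    exports = conf.get("enabled_cloudwatch_logs_exports", [])
    if exports and isinstance(exports[0], list):  # hcl2 double-wrap
        exports = exports[0]
    return "audit" in exports


def scan_cloudformation_template(template: Dict[str, Any]) -> Dict[str, str]:
    """Return {logical_id: result} for every DocDB parameter group in a template."""
    results: Dict[str, str] = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::DocDB::DBClusterParameterGroup":
            continue
        params = res.get("Properties", {}).get("Parameters") or {}
        results[logical_id] = PASSED if _enabled(params.get(AUDIT_PARAM)) else FAILED
    return results


# --- constructed sample inputs (not taken from the page) --------------------

# Terraform resource bodies in the one-element-list shape an hcl2 parser emits.
TF_PASS = {"family": ["docdb4.0"],
           "parameter": [{"name": ["audit_logs"], "value": ["enabled"]}]}
TF_DISABLED = {"family": ["docdb4.0"],
               "parameter": [{"name": ["audit_logs"], "value": ["disabled"]}]}
TF_MISSING = {"family": ["docdb4.0"],
              "parameter": [{"name": ["tls"], "value": ["enabled"]}]}
TF_CLUSTER = {"cluster_identifier": ["docdb-example"],
              "enabled_cloudwatch_logs_exports": [["audit", "profiler"]]}

# A JSON CloudFormation template with one compliant and one non-compliant group.
CFN_TEMPLATE = json.loads("""
{
  "Resources": {
    "AuditedGroup": {
      "Type": "AWS::DocDB::DBClusterParameterGroup",
      "Properties": {"Family": "docdb4.0", "Description": "audited",
                     "Parameters": {"audit_logs": "enabled"}}
    },
    "SilentGroup": {
      "Type": "AWS::DocDB::DBClusterParameterGroup",
      "Properties": {"Family": "docdb4.0", "Description": "no audit",
                     "Parameters": {"tls": "enabled"}}
    },
    "Cluster": {"Type": "AWS::DocDB::DBCluster", "Properties": {}}
  }
}
""")

if __name__ == "__main__":
    for label, conf in (("pass", TF_PASS), ("disabled", TF_DISABLED), ("missing", TF_MISSING)):
        print(f"terraform {label}: {check_terraform_parameter_group(conf)}")
    print("cluster exports audit:", terraform_cluster_exports_audit(TF_CLUSTER))
    print("cloudformation:", scan_cloudformation_template(CFN_TEMPLATE))
```

Run it directly to see one PASSED and two FAILED Terraform results, a True for the cluster export check, and a per-resource map for the CloudFormation template. The CloudFormation scanner skips the AWS::DocDB::DBCluster resource, so it only reports on parameter groups, mirroring the resource type this policy targets.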