Ensure respective logs of Amazon RDS are enabled

Error: Respective logs of Amazon RDS are disabled

Bridgecrew Policy ID: BC_AWS_IAM_60
Checkov Check ID: CKV_AWS_129
Severity: LOW

Respective logs of Amazon RDS are disabled

Description

It is generally a good security practice to ensure that the respective logs of your Amazon RDS instances are enabled, as this can help you to monitor and track activity on your RDS instances. Logging can provide valuable information about the activity on your RDS instances, including details about connections, queries, and other types of events.

Fix - Buildtime

Terraform

  • Resource: aws_db_instance
  • Argument: enabled_cloudwatch_logs_exports
resource "aws_db_instance" "mysql" {
  allocated_storage = 5
	...
+ enabled_cloudwatch_logs_exports = ["general", "error", "slowquery"]
}