Ensure respective logs of Amazon RDS are enabled
Error: Respective logs of Amazon RDS are disabled
Bridgecrew Policy ID: BC_AWS_IAM_60
Checkov Check ID: CKV_AWS_129
Severity: LOW
Description
Enabling the respective logs of your Amazon RDS instances is good security practice because it lets you monitor and track activity on those instances. The logs provide details about connections, queries, and other types of events.
Fix - Buildtime
Terraform
- Resource: aws_db_instance
- Argument: enabled_cloudwatch_logs_exports
resource "aws_db_instance" "mysql" {
  allocated_storage = 5
  ...
+ enabled_cloudwatch_logs_exports = ["general", "error", "slowquery"]
}