Respective logs of Amazon RDS are disabled

Description

It is generally good security practice to enable the respective logs of your Amazon RDS instances so that you can monitor and track activity on them. These logs provide valuable information about that activity, including details about connections, queries, and other types of events.

Fix - Buildtime

Terraform

  • Resource: aws_db_instance
  • Argument: enabled_cloudwatch_logs_exports

resource "aws_db_instance" "mysql" {
  allocated_storage = 5
    ...
+ enabled_cloudwatch_logs_exports = ["general", "error", "slowquery"]
}