- Home
- »
- AWS Documentation
- »
- IAM
- »
- Ensure respective logs of Amazon RDS are enabled
Respective logs of Amazon RDS are disabled
Description
Enabling logging for Amazon RDS instances is considered a best practice for maintaining robust security. Activating logging allows for the continuous monitoring and auditing of activity across your RDS instances. It provides critical insights into various events, such as database connections, query executions, and other relevant operations, facilitating effective tracking and analysis of system behavior and potential security incidents.
Fix - Buildtime
Terraform
- Resource: aws_db_instance
- Argument: enabled_cloudwatch_logs_exports
resource "aws_db_instance" "mysql" {
allocated_storage = 5
...
+ enabled_cloudwatch_logs_exports = ["general", "error", "slowquery"]
}