AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
DocDB Cluster Audit Logging Should Be Enabled
More Info:
Ensure doc db cluster has audit logging enabled
Risk Level
Low
Address
Monitoring
Compliance Standards
CBP,GDPR,HIPAA,ISO27001,SEBI
Triage and Remediation
Remediation
To remediate the DocDB Cluster Audit Logging misconfiguration for AWS RDS using the AWS console, follow these step-by-step instructions:
-
Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to the AWS Management Console using your credentials.
-
Navigate to Amazon RDS Console: Once you are logged in, navigate to the Amazon RDS console by clicking on the “Services” dropdown menu at the top of the page and selecting “RDS” under the “Database” category.
-
Select the Amazon DocumentDB Cluster: In the Amazon RDS console, locate and select the Amazon DocumentDB cluster for which you want to enable audit logging.
-
Enable Audit Logging:
- In the cluster details page, click on the “Modify” button in the upper right corner.
- Scroll down to the “Database options” section.
- Under the “Audit log configuration” section, select “Enable” for the “Audit log” option.
- Choose the desired settings for the audit log, such as the S3 bucket where the logs will be stored, the IAM role that has permission to write to the bucket, and the KMS key for encryption (if needed).
- Click on the “Continue” button.
-
Apply Changes: Review the changes you have made in the “Summary of modifications” section. If everything looks correct, click on the “Modify cluster” button to apply the changes.
-
Monitor Audit Logging Status: Once the modifications are applied, monitor the status of the audit logging configuration in the Amazon DocumentDB cluster details page. The status should change to “applying” and then “active” once the audit logging is successfully enabled.
By following these steps, you will remediate the misconfiguration by enabling audit logging for your Amazon DocumentDB cluster in AWS RDS using the AWS console.
To remediate the misconfiguration of DocDB Cluster Audit Logging not being enabled for AWS RDS using AWS CLI, follow these steps:
-
Enable Logging for the Amazon DocumentDB Cluster:
Run the following AWS CLI command to enable audit logging for your Amazon DocumentDB cluster. Replace
cluster-identifierwith the actual identifier of your DocumentDB cluster.aws docdb modify-db-cluster --db-cluster-identifier <cluster-identifier> --enable-cloudwatch-logs-exports '["audit"]' -
Verify the Audit Logging Configuration:
Run the following command to verify that the audit logging configuration has been successfully updated for your DocumentDB cluster.
aws docdb describe-db-clusters --db-cluster-identifier <cluster-identifier> --query 'DBClusters[0].EnabledCloudwatchLogsExports'This command should return an array with the value
[ "audit" ], indicating that audit logging has been enabled. -
Monitor the CloudWatch Logs:
Once the audit logging is enabled, you can monitor the logs in CloudWatch Logs to ensure that all the database activities are being logged appropriately.
By following these steps, you can remediate the misconfiguration of DocDB Cluster Audit Logging not being enabled for AWS RDS using AWS CLI.
To remediate the misconfiguration of DocDB Cluster Audit Logging not being enabled for AWS RDS using Python, you can follow these steps:
- Import the necessary Python libraries, such as
boto3, which is the AWS SDK for Python.
import boto3
- Initialize the AWS RDS client using the
boto3.clientmethod.
rds_client = boto3.client('rds')
- Identify the DocDB Cluster for which you want to enable audit logging. You can do this by specifying the
DBClusterIdentifierof the DocDB Cluster.
docdb_cluster_identifier = 'your-docdb-cluster-identifier'
- Enable audit logging for the DocDB Cluster by calling the
modify_db_clustermethod of the RDS client with theEnableCloudwatchLogsExportsparameter set to include'audit'.
response = rds_client.modify_db_cluster(
DBClusterIdentifier=docdb_cluster_identifier,
EnableCloudwatchLogsExports=[
'audit'
]
)
- Verify that the audit logging has been enabled successfully by checking the response from the
modify_db_clusterAPI call.
print(response)
By following these steps and running the Python script, you can remediate the misconfiguration of DocDB Cluster Audit Logging not being enabled for AWS RDS.