MySQL Aurora Logs Should Be Enabled
More Info:
Ensure Aurora logging is enabledRisk Level
LowAddress
MonitoringCompliance Standards
HIPAA,SOC2,HITRUST,NISTCSF,PCIDSS,SEBITriage and Remediation
Remediation
Using Console
Using Console
To remediate the issue of MySQL Aurora logs not being enabled in AWS RDS using the AWS Management Console, follow these step-by-step instructions:
- Login to AWS Management Console: Go to the AWS Management Console and log in with your credentials.
- Navigate to RDS Service: Click on the “Services” dropdown menu at the top left corner of the console, then select “RDS” under the Database category.
- Select the Aurora Database: From the list of RDS instances, locate and select the MySQL Aurora database for which you want to enable logs.
- Enable Enhanced Monitoring: In the RDS dashboard for the selected instance, navigate to the left-hand side menu and click on “Logs & events”.
- Enable Audit Log: Under the “Logs & events” section, you will find the option to enable different types of logs such as Audit log, Error log, Slow query log, etc. Click on “Modify” next to the Audit log.
- Enable Audit Log: In the “Modify DB instance” window, find the “Audit log” section and set the “Enable audit log” toggle to “Yes”.
- Set Log Retention Period: Optionally, you can set the retention period for the logs. By default, logs are retained for 7 days. You can adjust this as per your requirements.
- Save Changes: Scroll down to the bottom of the page and click on the “Continue” button.
- Apply Changes: Review the changes you are about to make and click on the “Modify DB instance” button to apply the changes.
- Verify Log Enablement: Once the modification is complete, go back to the RDS dashboard and check the status of the Audit log to ensure that it is now enabled for the MySQL Aurora database.
Using CLI
Using CLI
To remediate the misconfiguration of MySQL Aurora Logs not being enabled for an AWS RDS instance using AWS CLI, follow these step-by-step instructions:Replace Replace Replace
- Enable Enhanced Logging: Enable enhanced logging for your Aurora MySQL RDS instance. This will allow you to access the query and error logs.
<your-db-instance-identifier> with the identifier of your RDS instance and <your-monitoring-role-arn> with the ARN of the IAM role that has permissions to publish logs to CloudWatch.- Enable Query and Error Logs: Enable the query and error logs for your Aurora MySQL RDS instance.
<your-db-instance-identifier> with the identifier of your RDS instance.- Verify the Configuration: Check if the configuration has been applied successfully by describing your RDS instance.
<your-db-instance-identifier> with the identifier of your RDS instance.By following these steps, you can successfully remediate the misconfiguration of MySQL Aurora Logs not being enabled for your AWS RDS instance using the AWS CLI.Using Python
Using Python
To remediate the misconfiguration of MySQL Aurora logs not being enabled for an AWS RDS instance using Python, you can follow these steps:By following these steps and running the Python script, you can successfully remediate the misconfiguration of MySQL Aurora logs not being enabled for an AWS RDS instance.
- Import the necessary Python libraries:
- Connect to the AWS RDS service using the Boto3 library:
- Identify the RDS instance for which you want to enable MySQL Aurora logs:
- Enable the MySQL Aurora logs for the identified RDS instance:
- Verify that the MySQL Aurora logs have been successfully enabled for the RDS instance: