Enable Audit Logging

Description

Amazon Redshift logs information in the following log files:

  • Connection log — logs authentication attempts, and connections and disconnections.
  • User log — logs information about changes to database user definitions.
  • User activity log — logs each query before it is run on the database.

The connection and user logs are useful primarily for security purposes. You can use the connection log to monitor information about the users who are connecting to the database and the related connection information. This information might be their IP address, when they made the request, what type of authentication they used, and so on. You can use the user log to monitor changes to the definitions of database users.

For detailed documentation on Redshift logging, refer to this link.

Rationale

Enable Audit Logging to keep a record of your Redshift database activity: authentication attempts, connections, disconnections and changes to database user definitions.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     redshift

Default Rule

const { isAwsRedshift, getRedshiftClusterLoggingStatus } = aws

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if 'logging_enabled' parameter is true inside 'cluster_logging_status'
 */
function validate(databaseSettings) {
    // Short-circuits to false for databases that are not AWS Redshift
    const clusterLoggingStatus =
        isAwsRedshift(databaseSettings) &&
        getRedshiftClusterLoggingStatus(databaseSettings)

    // Coerce to a strict boolean so a missing status yields false, not undefined
    const success = Boolean(clusterLoggingStatus && clusterLoggingStatus.loggingEnabled)

    return {
        success
    }
}

// invoke
validate(databaseSettings);
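
The default rule checks only whether logging is switched on. As an added example (not part of the rule shown on this page), the function below also checks the Redshift enable_user_activity_logging parameter, which must be true for the user activity log to be written, and whether the most recent log delivery failed. It assumes input shaped like the JSON returned by the Redshift DescribeLoggingStatus and DescribeClusterParameters API calls; the function name and all sample values are constructed.

```javascript
// Added example: audit a Redshift cluster's logging posture from two API responses.
// Input shapes follow the DescribeLoggingStatus and DescribeClusterParameters
// responses as JSON; every sample value below is constructed.

function auditRedshiftLogging(loggingStatus, clusterParameters) {
    const findings = []

    // Same condition the default rule checks: audit logging must be switched on.
    if (!loggingStatus || loggingStatus.LoggingEnabled !== true) {
        findings.push('audit logging is disabled')
        return { success: false, findings }
    }

    // The user activity log is only written when this parameter is true.
    const param = (clusterParameters || []).find(
        (p) => p.ParameterName === 'enable_user_activity_logging'
    )
    if (!param || String(param.ParameterValue).toLowerCase() !== 'true') {
        findings.push('user activity log is off (enable_user_activity_logging is not true)')
    }

    // Logging can be enabled while delivery of the log files is failing.
    const lastOk = Date.parse(loggingStatus.LastSuccessfulDeliveryTime || '')
    const lastFail = Date.parse(loggingStatus.LastFailureTime || '')
    if (!Number.isNaN(lastFail) && (Number.isNaN(lastOk) || lastFail > lastOk)) {
        findings.push('last log delivery failed: ' + (loggingStatus.LastFailureMessage || 'no message'))
    }

    return { success: findings.length === 0, findings }
}

// Constructed sample responses.
const healthy = {
    LoggingEnabled: true, BucketName: 'example-audit-bucket',
    LastSuccessfulDeliveryTime: '2024-01-02T00:00:00Z'
}
const failing = {
    LoggingEnabled: true, BucketName: 'example-audit-bucket',
    LastSuccessfulDeliveryTime: '2024-01-01T00:00:00Z',
    LastFailureTime: '2024-01-02T00:00:00Z',
    LastFailureMessage: 'Access Denied'
}
const paramsOn = [{ ParameterName: 'enable_user_activity_logging', ParameterValue: 'true' }]
const paramsOff = [{ ParameterName: 'enable_user_activity_logging', ParameterValue: 'false' }]

console.log(auditRedshiftLogging(healthy, paramsOn))
console.log(auditRedshiftLogging(failing, paramsOff))
console.log(auditRedshiftLogging({ LoggingEnabled: false }, paramsOn))
```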