
DocDB does not have audit logs enabled

Description

Enabling audit logs for Amazon DocumentDB (DocDB) can help you to monitor and track activity within your DocDB cluster. Audit logs provide a record of database activity, including details about the activity itself (e.g., which database was accessed, what type of operation was performed), as well as information about the user or application that initiated the activity.

Code Example

resource "aws_docdb_cluster_parameter_group" "test" {
     ...
+  parameter {
+    name  = "audit_logs"
+    value = "enabled"
  }
}

Remediation

Terraform

  • Resource: aws_docdb_cluster_parameter_group
  • Arguments: parameter.audit_logs

Rule Details

Field        Value
ID           IAC-0157
Severity     LOW
IaC Type     Cloudformation
Frameworks   CloudFormation, Terraform, TerraformPlan, Serverless
Checkov ID   CKV_AWS_104
