Alibaba Cloud RDS log audit is disabled

Description

This policy ensures that log auditing is enabled for Alibaba Cloud RDS instances. Enabling log audit provides detailed records of database activities, including user actions, queries, and system events. These logs are essential for detecting anomalies, investigating incidents, and maintaining compliance with regulatory and organizational requirements.

Failing to enable log auditing can lead to a lack of visibility into database activity, increasing the risk of undetected malicious actions or compliance violations.

Code Example

resource "alicloud_log_audit" "example" {
  ...
  variable_map = [
    {
+      rds_enabled = true
    }
  ]
}

Remediation

Terraform

  • Resource: alicloud_log_audit
  • Arguments: variable_map.rds_enabled

To mitigate this issue, ensure the `rds_enabled` attribute in the `variable_map` of the `alicloud_log_audit` resource is set to `true`.
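The same condition can be checked in CI against a rendered plan. This is an added example, not code from the original page or from Checkov. It assumes the plan was exported with `terraform show -json`; the function names and the sample plan are constructed for illustration. It accepts `variable_map` both as a single map and as the list-of-maps form shown in the snippet above.

```python
import json

RESOURCE_TYPE = "alicloud_log_audit"

def _is_true(value):
    """Map values usually arrive as strings, so accept true and "true"."""
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")

def _variable_maps(after):
    """Yield variable_map as dicts, whether rendered as one map or a list of maps."""
    vm = after.get("variable_map")
    if isinstance(vm, dict):
        yield vm
    elif isinstance(vm, list):
        for item in vm:
            if isinstance(item, dict):
                yield item

def rds_audit_findings(plan):
    """Return addresses of alicloud_log_audit resources lacking rds_enabled = true."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed; nothing to check
            continue
        if not any(_is_true(vm.get("rds_enabled")) for vm in _variable_maps(after)):
            findings.append(rc["address"])
    return findings

# Constructed sample shaped like `terraform show -json` output (not from the page).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "alicloud_log_audit.ok", "type": "alicloud_log_audit",
   "change": {"actions": ["create"], "after": {"variable_map": {"rds_enabled": "true"}}}},
  {"address": "alicloud_log_audit.off", "type": "alicloud_log_audit",
   "change": {"actions": ["update"], "after": {"variable_map": {"rds_enabled": "false"}}}},
  {"address": "alicloud_log_audit.unset", "type": "alicloud_log_audit",
   "change": {"actions": ["create"], "after": {"display_name": "audit"}}},
  {"address": "alicloud_log_audit.listform", "type": "alicloud_log_audit",
   "change": {"actions": ["create"], "after": {"variable_map": [{"rds_enabled": true}]}}},
  {"address": "alicloud_log_audit.gone", "type": "alicloud_log_audit",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for address in rds_audit_findings(SAMPLE_PLAN):
        print(f"FAIL {address}: variable_map.rds_enabled is not true")
```

A resource with no `variable_map` at all is reported the same way as one that sets `rds_enabled` to `false`, since in both cases the plan does not show RDS auditing being turned on.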

Example:

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0037 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_38 |
