Respective logs of Amazon RDS are disabled

Description

It is generally a good security practice to ensure that the respective logs of your Amazon RDS instances are enabled, as this can help you to monitor and track activity on your RDS instances. Logging can provide valuable information about the activity on your RDS instances, including details about connections, queries, and other types of events.

Code Example

resource "aws_db_instance" "mysql" {
  allocated_storage = 5
    ...
+ enabled_cloudwatch_logs_exports = ["general", "error", "slowquery"]
}

Remediation

Terraform

Resource: aws_db_instance
Arguments: enabled_cloudwatch_logs_exports

Rule Details

Field	Value
ID	IAC-0180
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV_AWS_129

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Respective logs of Amazon RDS are disabled

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Respective logs of Amazon RDS are disabled ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Respective logs of Amazon RDS are disabled

Description

Code Example

Remediation

Rule Details

References