RDS Cluster audit logging for MySQL engine is disabled
Description
This policy verifies that audit logging is enabled for RDS Clusters running the MySQL engine in AWS (Amazon Web Services). Audit logging is vital because it records and lets you examine activity within the database. Without it you lose visibility that is crucial for identifying suspicious activity and for understanding the cause of unexpected changes or errors. The resulting blind spot poses serious risks, including undetected data breaches, and hinders compliance-related responsibilities.
Code Example
```hcl
resource "aws_rds_cluster" "pass" {
  engine                              = "aurora-mysql" # MySQL-compatible engine, so this rule applies
  master_username                     = "username"
  master_password                     = "password"
  # Export the MySQL audit log to CloudWatch Logs; this is what the rule checks for
  enabled_cloudwatch_logs_exports     = ["audit"]
  iam_database_authentication_enabled = true
}
```
Remediation
Terraform
- Resource: aws_rds_cluster
- Arguments: enabled_cloudwatch_logs_exports
To fix this issue, enable audit logging for the RDS Cluster that uses the MySQL engine by adding `"audit"` to the `enabled_cloudwatch_logs_exports` argument. Audit logging records the actions and events taking place in the database, and reviewing these logs lets you identify patterns and spot unusual activity.
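The rule above is listed as applying to Terraform plans as well as HCL. The following added example (not part of this page or of Checkov) shows how such a check can be evaluated over the resource_changes section of a `terraform show -json` plan: it flags every `aws_rds_cluster` whose engine is MySQL-compatible and whose `enabled_cloudwatch_logs_exports` does not include `"audit"`. The engine list, the handling of a missing engine, and the sample plan are assumptions constructed for this example.

```python
import json

# Assumption for this example: engines treated as MySQL-compatible.
# The real rule's engine list may differ.
MYSQL_ENGINES = {"mysql", "aurora", "aurora-mysql"}


def is_mysql_cluster(attrs: dict) -> bool:
    """True if the planned cluster runs a MySQL-compatible engine.

    Assumption: a cluster with no explicit engine is treated as MySQL-compatible,
    which is the conservative choice for a detection rule.
    """
    engine = (attrs.get("engine") or "aurora").lower()
    return engine in MYSQL_ENGINES


def cluster_has_audit_logging(attrs: dict) -> bool:
    """True if the cluster exports the MySQL 'audit' log to CloudWatch Logs."""
    exports = attrs.get("enabled_cloudwatch_logs_exports") or []
    return "audit" in exports


def find_violations(plan: dict) -> list:
    """Return addresses of MySQL-engine aws_rds_cluster resources without audit logging.

    Resources that the plan will delete are skipped, since they will not exist
    after apply.
    """
    violations = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_rds_cluster":
            continue
        change = rc.get("change", {})
        if change.get("actions") == ["delete"]:
            continue
        after = change.get("after") or {}
        if is_mysql_cluster(after) and not cluster_has_audit_logging(after):
            violations.append(rc["address"])
    return violations


# Constructed sample plan JSON (not real Terraform output): one compliant
# MySQL cluster, one non-compliant MySQL cluster, and one PostgreSQL cluster
# that is out of scope for this rule.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {
      "address": "aws_rds_cluster.pass",
      "type": "aws_rds_cluster",
      "change": {
        "actions": ["create"],
        "after": {
          "engine": "aurora-mysql",
          "enabled_cloudwatch_logs_exports": ["audit", "error"]
        }
      }
    },
    {
      "address": "aws_rds_cluster.fail",
      "type": "aws_rds_cluster",
      "change": {
        "actions": ["create"],
        "after": {
          "engine": "aurora-mysql",
          "enabled_cloudwatch_logs_exports": ["error", "slowquery"]
        }
      }
    },
    {
      "address": "aws_rds_cluster.pg",
      "type": "aws_rds_cluster",
      "change": {
        "actions": ["create"],
        "after": {
          "engine": "aurora-postgresql",
          "enabled_cloudwatch_logs_exports": ["postgresql"]
        }
      }
    }
  ]
}
""")


if __name__ == "__main__":
    for address in find_violations(SAMPLE_PLAN):
        print(f"{address}: MySQL audit logging is not exported to CloudWatch")
```

Run it against a real plan with `terraform show -json tfplan > plan.json` and `json.load(open("plan.json"))` in place of the constructed sample; only the `fail` cluster is reported, because the PostgreSQL cluster is outside this rule's scope and the compliant cluster already exports `"audit"`.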
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0372 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_325 |