Ensure that your Amazon DocumentDB clusters have the Log Exports feature enabled in order to publish audit logs directly to Amazon CloudWatch Logs. The events recorded by the DocumentDB audit logs include successful and failed authentication attempts, creating indexes, and dropping a collection in a database within the DocumentDB cluster.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
By default, auditing is disabled on all Amazon DocumentDB clusters. Once the Log Exports feature is enabled, Amazon DocumentDB (with MongoDB compatibility) starts sending Data Definition Language (DDL), authentication, authorization and user management events to Amazon CloudWatch Logs, a service that collects, stores and gives you access to log files from a variety of sources within your AWS account. This lets you analyze, monitor and archive your DocumentDB audit events to meet security and compliance requirements.
To determine if your DocumentDB clusters are using the Log Exports feature to publish audit logs to Amazon CloudWatch, perform the following actions:

Note: Verifying the DocumentDB Log Exports feature status using the AWS Management Console is not currently supported.
To enable the Log Exports feature for your existing DocumentDB clusters so that audit logs are published to Amazon CloudWatch, perform the following actions:
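The following Python script is an added example, not part of the Cloud Conformity rule or its tooling: it applies the audit check above to the output of the DocumentDB DescribeDBClusters API (the same data the CLI steps inspect) and builds the ModifyDBCluster request used for remediation. The cluster identifiers in the sample response are constructed; the field names are the real API ones.

```python
"""Find Amazon DocumentDB clusters that do not export audit logs to CloudWatch Logs."""

# Constructed sample shaped like the DescribeDBClusters response; the cluster
# identifiers are made up, the keys are the real API field names.
SAMPLE_RESPONSE = {
    "DBClusters": [
        {"DBClusterIdentifier": "orders-docdb",
         "EnabledCloudwatchLogsExports": ["audit"]},
        {"DBClusterIdentifier": "analytics-docdb",
         "EnabledCloudwatchLogsExports": ["profiler"]},  # profiler only, no audit
        {"DBClusterIdentifier": "legacy-docdb"},         # field absent: no exports
    ]
}


def clusters_missing_audit_export(response):
    """Return identifiers of clusters whose Log Exports setting omits 'audit'.

    A missing or empty EnabledCloudwatchLogsExports list means nothing is
    published to CloudWatch Logs, so such clusters are reported as well.
    """
    missing = []
    for cluster in response.get("DBClusters", []):
        exports = cluster.get("EnabledCloudwatchLogsExports") or []
        if "audit" not in exports:
            missing.append(cluster["DBClusterIdentifier"])
    return missing


def remediation_request(cluster_id):
    """Build the ModifyDBCluster parameters that enable audit log export.

    Audit events are only generated when the cluster parameter group also has
    the audit_logs parameter enabled; this request only turns on the export.
    """
    return {
        "DBClusterIdentifier": cluster_id,
        "CloudwatchLogsExportConfiguration": {"EnableLogTypes": ["audit"]},
        "ApplyImmediately": True,
    }


def scan_live_account(region_name="us-east-1"):
    """Run the check against a real account (needs boto3 and AWS credentials)."""
    import boto3  # imported lazily so the offline sample runs without the SDK
    docdb = boto3.client("docdb", region_name=region_name)
    findings, kwargs = [], {}
    while True:  # DescribeDBClusters pages with a Marker token
        page = docdb.describe_db_clusters(**kwargs)
        findings.extend(clusters_missing_audit_export(page))
        if "Marker" not in page:
            return findings
        kwargs["Marker"] = page["Marker"]


if __name__ == "__main__":
    for cluster_id in clusters_missing_audit_export(SAMPLE_RESPONSE):
        print(cluster_id, "-> audit logs not exported;", remediation_request(cluster_id))
```

Each returned request can be passed unchanged to boto3's `modify_db_cluster`, which corresponds to the `aws docdb modify-db-cluster` CLI step used for remediation.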