Ensure audit logging is enabled for Redshift clusters for security and troubleshooting purposes.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
- APRA
- MAS
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Security Once enabled, the Amazon Redshift Audit Logging feature starts recoding database usage information such as queries performed and connection attempts, logging data that can be extremely useful for security and compliance audits or troubleshooting sessions.
Audit
To determine if audit logging is enabled for your Amazon Redshift clusters, perform the following:
01 Login to the AWS Management Console.
02 Navigate to Redshift dashboard at https://console.aws.amazon.com/redshift/.
03 In the left navigation panel, under Redshift Dashboard, click Clusters.
04 Choose the Redshift cluster that you want to examine and click the Show or Hide Item details icon:
to show the selected cluster configuration details.
05 In the Backup, Audit Logging and Maintenance section, verify the Audit Logging Enabled status:
If the current status is set to No the database auditing is not enabled for the selected AWS Redshift cluster.
06 Repeat step no. 4 and 5 to verify the feature status for other Redshift clusters available in the current region.
07 Change the AWS region from the navigation bar and repeat the audit process for other regions.
Remediation / Resolution
To modify your Amazon Redshift clusters configuration in order to enable audit logging for the databases provisioned within these clusters, perform the following:
01 Login to the AWS Management Console.
02 Navigate to Redshift dashboard at https://console.aws.amazon.com/redshift/.
03 In the left navigation panel, under Redshift Dashboard, click Clusters.
04 Choose the Redshift cluster that you want to modify then click on its identifier:
listed in the Cluster column.
05 On the selected cluster configuration page, click the Database dropdown button from the dashboard top menu then click Configure Audit Logging.
06 Inside the Configure Audit Logging dialog box, perform the following actions:
- For Enable Audit Logging select Yes.
- For S3 Bucket select one of the following options based on your preferences:
- Select Use Existing to store the log files within an existing S3 bucket and choose the name of this bucket from the Bucket* dropdown list. (Optional) In the S3 Key Prefix box you can provide a unique prefix for the log file names.
- Select Create New to create a new S3 bucket for log files storage and provide a name for it in the New Bucket Name* box. (Optional) In the S3 Key Prefix box you can provide a unique prefix for the log file names generated by Redshift.
- Click Save to enable the feature. The Audit Logging Enabled status should change to Yes.
07 Repeat steps no. 4 - 6 to enable audit logging for other Redshift clusters provisioned in the current region.
08 Change the AWS region from the navigation bar and repeat the entire process for other regions.
References
- AWS Documentation
- Amazon Redshift FAQs
- Database Audit Logging
- Managing Clusters Using the Console
- Manage Clusters Using the Amazon Redshift CLI and API
- AWS Command Line Interface (CLI) Documentation
- redshift
- describe-clusters
- describe-logging-status
- enable-logging
- s3api
- create-bucket
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
for and
Get started for FREE
You are auditing:
Redshift Cluster Audit Logging Enabled
Risk level: Medium