Ensure that user activity logging is enabled for your AWS Redshift clusters in order to log each query before it is performed on the clusters database. To enable this feature, set the "enable_user_activity_logging" database parameter to true within your Amazon Redshift non-default parameter groups. In order to make "enable_user_activity_logging" parameter to work, you must first enable database audit logging for your clusters. The AWS Redshift database audit creates three types of logs: connection and user logs (activated by default), and user activity logs (activated by the "enable_user_activity_logging" parameter).
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
AWS Redshift user activity logging is primarily useful for troubleshooting purposes. Once enabled, the feature tracks information about the types of queries that both the users and the system perform within the cluster database.
Note: For this rule, Cloud Conformity assumes that your Amazon Redshift clusters are not associated with the default parameter group created automatically by AWS, as the default parameter group cannot be modified to update the enable_user_activity_logging parameter value.
Audit
To determine if the user activity logging is enabled for your Amazon Redshift clusters by checking the non-default parameter groups for "enable_user_activity_logging" parameter status, perform the following:
Remediation / Resolution
To enable user activity logging for your Amazon Redshift clusters, you need to enable database audit logging, then set "enable_user_activity_logging" parameter value to "true" within the non-default parameter groups associated with your Redshift clusters. To set the required parameter value, perform the following:
References
- AWS Documentation
- Amazon Redshift FAQs
- Database Audit Logging
- Amazon Redshift Clusters
- Configuring Auditing Using the Console
- Amazon Redshift Parameter Groups
- AWS Command Line Interface (CLI) Documentation
- redshift
- describe-clusters
- describe-cluster-parameters
- modify-cluster-parameter-group
- reboot-cluster
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
for and
Get started for FREE
You are auditing:
Enable Redshift User Activity Logging
Risk level: Low