Back to All Checks
Medium DMS Regional

DMS replication tasks for the source database should have logging enabled

NIST 800-53PCI DSS v4.0.1PCI DSS v10.4.2

Description

This control checks whether logging is enabled with the minimum severity level of LOGGER_SEVERITY_DEFAULT for DMS replication tasks, specifically SOURCE_CAPTURE and SOURCE_UNLOAD. The control fails if logging is not enabled for these tasks or if the minimum severity level is less than LOGGER_SEVERITY_DEFAULT. DMS utilizes Amazon CloudWatch to log information during the migration process. Users can specify which component activities are logged and the level of detail using logging task settings. Logging plays a critical role in DMS replication tasks by enabling monitoring, troubleshooting, auditing, performance analysis, error detection and recovery, and historical analysis and reporting.

Remediation

Enable logging for DMS replication tasks with appropriate severity levels for source database operations.

Steps

  1. Navigate to the AWS DMS console
  2. Go to the Database migration tasks section
  3. Select the replication task that needs logging
  4. Modify the task settings
  5. In the 'Logging' section, enable 'Source capture logging' and 'Source unload logging'
  6. Set the severity level to at least 'LOGGER_SEVERITY_DEFAULT' or higher
  7. Configure CloudWatch Logs destination if needed
  8. Save the configuration changes
  9. Verify that logging is now enabled for the source database operations

Compliance

NIST 800-53PCI DSS v4.0.1PCI DSS v10.4.2
Start Your Free Security Check