Back to All Checks
Medium DMS Regional

DMS replication tasks for the target database should have logging enabled

NIST 800-53PCI DSS v4.0.1PCI DSS v6.3.3HIPAA

Description

This control checks if logging is enabled with a minimum severity level of LOGGER_SEVERITY_DEFAULT for DMS replication tasks, specifically for TARGET_APPLY and TARGET_LOAD operations. The control fails if logging is not enabled for these tasks or if the minimum severity level is set lower than LOGGER_SEVERITY_DEFAULT. DMS utilizes Amazon CloudWatch to log information during the migration process. Users can configure logging task settings to specify which component activities are logged and the amount of information to be logged.

Remediation

Enable logging for DMS replication tasks with appropriate severity levels for target database operations.

Steps

  1. Navigate to the AWS DMS console
  2. Go to the Database migration tasks section
  3. Select the replication task that needs logging
  4. Modify the task settings
  5. In the 'Logging' section, enable 'Target apply logging' and 'Target load logging'
  6. Set the severity level to at least 'LOGGER_SEVERITY_DEFAULT' or higher
  7. Configure CloudWatch Logs destination if needed
  8. Save the configuration changes
  9. Verify that logging is now enabled for the target database operations

Compliance

NIST 800-53PCI DSS v4.0.1PCI DSS v6.3.3HIPAA
Start Your Free Security Check