Back to All Checks
Medium Identify Regional

MSK connectors should have logging enabled

FSBP

Description

This control checks whether logging is enabled for an Amazon MSK connector. The control fails if logging is disabled for the MSK connector. Amazon MSK connectors integrate external systems and Amazon services with Apache Kafka by continuously copying streaming data from a data source into an Apache Kafka cluster, or continuously copying data from a cluster into a data sink. MSK Connect can write log events that can help debug a connector. When you create a connector, you can specify zero or more of the following log destinations: Amazon CloudWatch Logs, Amazon S3, and Amazon Data Firehose.

Remediation

To remediate MSK connectors without logging enabled, you need to enable logging for the connector.

Steps

  1. Navigate to the Amazon MSK Connect console
  2. Select the connector that needs remediation
  3. Click on 'Edit' or 'Modify' connector
  4. Go to 'Logging' settings
  5. Enable one or more log destinations
  6. Configure CloudWatch Logs, S3, or Firehose logging
  7. Set up log groups and retention policies
  8. Review the logging configuration
  9. Apply the changes to the connector
  10. Verify logging is working and generating logs

Compliance

FSBP
Start Your Free Security Check