Medium
RDS
Regional
Aurora MySQL DB clusters should have audit logging enabled
NIST 800-53, HIPAA
Description
Checks if Amazon Aurora MySQL DB clusters are configured to have audit logging enabled. The control fails if the Aurora MySQL cluster is not configured to enable audit logging by setting the server_audit_logs parameter to 1.
Remediation
To enable audit logging for Aurora MySQL clusters, follow these steps:
Steps
- Sign in to the AWS Management Console and open the Amazon RDS console.
- In the navigation pane, choose 'Databases'.
- Select the identified Aurora MySQL cluster that requires audit logging to be enabled.
- Choose 'Modify'.
- In the 'Database Options' section, locate the 'DB cluster parameter group' setting.
- If using a custom parameter group, modify the 'server_audit_logs' parameter to '1'.
- If using the default parameter group, create a new custom parameter group and set 'server_audit_logs' to '1'.
- Apply the parameter group to your Aurora cluster.
- Scroll to the bottom of the page and choose 'Continue'.
- On the summary page, review your changes. Select 'Apply immediately' to enable audit logging right away, or choose to apply them during the next maintenance window.
- Click 'Modify DB Cluster' to apply the changes.
- For detailed guidance, refer to the AWS documentation: 'Enabling MySQL audit logging' in the Amazon RDS User Guide.
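The control logic above can be checked programmatically against the data the RDS API already returns. The following is an added example (not code from the page, from AWS, or from any scanner) that evaluates one cluster at a time using the shapes of `DescribeDBClusters` and `DescribeDBClusterParameters` responses, and produces the `ModifyDBClusterParameterGroup` request that performs the remediation. It runs offline on constructed sample data. The page names the parameter `server_audit_logs`; the Aurora MySQL cluster parameter group documents it as `server_audit_logging`, and that name is used here. The cluster identifiers, parameter group names and member states in the samples are constructed for illustration.

```python
"""Evaluate 'Aurora MySQL audit logging enabled' on RDS API data (added example).

Works on the 'DBClusters' entries of DescribeDBClusters and the 'Parameters'
list of DescribeDBClusterParameters, so it can be exercised offline.
"""

# The page spells this 'server_audit_logs'; the documented Aurora MySQL
# cluster parameter is 'server_audit_logging'.
AUDIT_PARAM = "server_audit_logging"
AURORA_MYSQL_ENGINES = {"aurora-mysql", "aurora"}  # other engines are out of scope


def parameter_value(parameters, name):
    """Return the current value of one parameter, or None if it is not set.

    Engine-default entries often carry no 'ParameterValue' at all, which
    means the engine default (audit logging off) applies.
    """
    for p in parameters:
        if p.get("ParameterName") == name:
            return p.get("ParameterValue")
    return None


def audit_logging_enabled(parameters):
    """Pass only when the parameter is explicitly '1'; absent or '0' fails."""
    return parameter_value(parameters, AUDIT_PARAM) == "1"


def evaluate_cluster(cluster, parameters):
    """Return a finding for one cluster: PASS, FAIL or NOT_APPLICABLE."""
    ident = cluster["DBClusterIdentifier"]
    engine = cluster.get("Engine", "")
    if engine not in AURORA_MYSQL_ENGINES:
        return {"cluster": ident, "status": "NOT_APPLICABLE",
                "reason": f"engine {engine!r} is not Aurora MySQL"}
    group = cluster["DBClusterParameterGroup"]
    if not audit_logging_enabled(parameters):
        if group.startswith("default."):
            # Default groups are read-only: remediation is a new custom group.
            reason = (f"{group} is a default group; create a custom group "
                      f"with {AUDIT_PARAM}=1 and attach it")
        else:
            reason = f"{AUDIT_PARAM} is not 1 in {group}"
        return {"cluster": ident, "status": "FAIL", "reason": reason}
    # The value is set, but a member still applying the group is not yet audited.
    not_synced = [m["DBInstanceIdentifier"] for m in cluster.get("DBClusterMembers", [])
                  if m.get("DBClusterParameterGroupStatus") != "in-sync"]
    if not_synced:
        return {"cluster": ident, "status": "FAIL",
                "reason": f"{AUDIT_PARAM}=1 in {group} but members not in sync: {not_synced}"}
    return {"cluster": ident, "status": "PASS", "reason": f"{AUDIT_PARAM}=1 in {group}"}


def remediation_request(group_name):
    """Keyword arguments for rds.modify_db_cluster_parameter_group (custom groups only)."""
    return {
        "DBClusterParameterGroupName": group_name,
        "Parameters": [{"ParameterName": AUDIT_PARAM, "ParameterValue": "1",
                        "ApplyMethod": "immediate"}],
    }


def _cluster(ident, engine, group, member_status):
    return {"DBClusterIdentifier": ident, "Engine": engine,
            "DBClusterParameterGroup": group,
            "DBClusterMembers": [{"DBInstanceIdentifier": f"{ident}-1",
                                  "DBClusterParameterGroupStatus": member_status}]}


# Constructed samples: (cluster entry, parameters of its parameter group).
SAMPLE_CLUSTERS = {
    "orders-prod": (_cluster("orders-prod", "aurora-mysql", "orders-audit", "in-sync"),
                    [{"ParameterName": "server_audit_logging", "ParameterValue": "1", "Source": "user"},
                     {"ParameterName": "server_audit_events",
                      "ParameterValue": "CONNECT,QUERY_DDL,QUERY_DCL", "Source": "user"}]),
    "billing-prod": (_cluster("billing-prod", "aurora-mysql", "billing-audit", "pending-reboot"),
                     [{"ParameterName": "server_audit_logging", "ParameterValue": "1", "Source": "user"}]),
    "reports-dev": (_cluster("reports-dev", "aurora-mysql", "default.aurora-mysql8.0", "in-sync"),
                    [{"ParameterName": "server_audit_logging", "Source": "engine-default"}]),
    "analytics-pg": (_cluster("analytics-pg", "aurora-postgresql", "default.aurora-postgresql15", "in-sync"),
                     []),
}


def run_report(samples=SAMPLE_CLUSTERS):
    """Evaluate every sample cluster and return findings keyed by identifier."""
    return {ident: evaluate_cluster(c, params) for ident, (c, params) in samples.items()}


if __name__ == "__main__":
    for finding in run_report().values():
        print(f"{finding['status']:15} {finding['cluster']:14} {finding['reason']}")
    print(remediation_request("reports-audit"))
```

Two points the console steps leave implicit are handled here: a cluster attached to a `default.` group cannot be remediated in place (the finding says to create a custom group, which is what steps 7 and 8 describe), and a member whose parameter group status is not `in-sync` is reported as failing even though the value is already `1`, because the setting is not yet effective on that instance. Enabling `server_audit_logging` turns the feature on; which events are recorded is selected separately with `server_audit_events`, as the `orders-prod` sample shows.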
Compliance
NIST 800-53, HIPAA