Medium
RDS
Regional
Aurora PostgreSQL DB clusters should publish logs to CloudWatch Logs
PCI DSS v4.0.1, PCI DSS 10.4.2
Description
Checks if Amazon Aurora PostgreSQL DB clusters are configured to publish logs to Amazon CloudWatch Logs. The control fails if the Aurora PostgreSQL cluster is not configured to publish the 'postgresql' log type to CloudWatch Logs.
Remediation
To publish Aurora PostgreSQL cluster logs to CloudWatch Logs, follow these steps:
Steps
- Sign in to the AWS Management Console and open the Amazon RDS console.
- In the navigation pane, choose 'Databases'.
- Select the identified Aurora PostgreSQL cluster that requires log publishing to be enabled.
- Choose 'Modify'.
- In the 'Database Options' section, locate the 'Log Exports' setting.
- Select 'postgresql' from the available log types to enable PostgreSQL logs.
- Scroll to the bottom of the page and choose 'Continue'.
- On the summary page, review your changes. Select 'Apply immediately' to enable logging right away, or choose to apply the changes during the next maintenance window.
- Click 'Modify DB Cluster' to apply the changes.
- For detailed guidance, refer to the AWS documentation: 'Publishing Aurora PostgreSQL logs to Amazon CloudWatch Logs' in the Amazon RDS User Guide.
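The check and the console change above, scripted with boto3 as an added example (not part of the original control text, and not AWS's own code). The cluster records are constructed sample data, and `evaluate`, `remediate` and `audit_account` are hypothetical helper names. Because the control is regional, `audit_account` has to be run once per region.

```python
REQUIRED_LOG_TYPE = "postgresql"

# Constructed sample, shaped like the DBClusters list from describe_db_clusters.
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "orders-pg", "Engine": "aurora-postgresql",
     "EnabledCloudwatchLogsExports": ["postgresql"]},
    {"DBClusterIdentifier": "billing-pg", "Engine": "aurora-postgresql"},
    {"DBClusterIdentifier": "reports-pg", "Engine": "aurora-postgresql",
     "EnabledCloudwatchLogsExports": []},
    {"DBClusterIdentifier": "legacy-mysql", "Engine": "aurora-mysql",
     "EnabledCloudwatchLogsExports": ["audit"]},
]

def evaluate(clusters):
    """Map each Aurora PostgreSQL cluster id to PASSED or FAILED."""
    results = {}
    for cluster in clusters:
        if cluster.get("Engine") != "aurora-postgresql":
            continue  # the control only applies to Aurora PostgreSQL
        # The key can be missing entirely when no log export is enabled.
        exports = cluster.get("EnabledCloudwatchLogsExports") or []
        passed = REQUIRED_LOG_TYPE in exports
        results[cluster["DBClusterIdentifier"]] = "PASSED" if passed else "FAILED"
    return results

def remediate(rds, cluster_id, apply_immediately=True):
    """Enable the 'postgresql' export; rds is a boto3 RDS client."""
    return rds.modify_db_cluster(
        DBClusterIdentifier=cluster_id,
        CloudwatchLogsExportConfiguration={"EnableLogTypes": [REQUIRED_LOG_TYPE]},
        ApplyImmediately=apply_immediately,
    )

def audit_account(region, fix=False):
    """Evaluate every cluster in one region, optionally fixing failures."""
    import boto3  # imported here so evaluate() works without AWS access
    rds = boto3.client("rds", region_name=region)
    clusters = []
    for page in rds.get_paginator("describe_db_clusters").paginate():
        clusters.extend(page["DBClusters"])
    results = evaluate(clusters)
    if fix:
        for cluster_id, status in results.items():
            if status == "FAILED":
                remediate(rds, cluster_id)
    return results

if __name__ == "__main__":
    print(evaluate(SAMPLE_CLUSTERS))
```

Passing `apply_immediately=False` to `remediate` defers the change to the next maintenance window, matching the choice on the console summary page.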
Compliance
PCI DSS v4.0.1, PCI DSS 10.4.2