Medium RDS Regional

RDS for MariaDB DB instances should publish logs to CloudWatch Logs

NIST 800-53

Description

Checks if Amazon RDS for MariaDB DB instances are configured to publish logs to Amazon CloudWatch Logs. The control fails if the MariaDB DB instance is not configured to publish the 'error' log type to CloudWatch Logs.


Remediation

To publish MariaDB DB instance logs to CloudWatch Logs, follow these steps:

Steps

  1. Sign in to the AWS Management Console and open the Amazon RDS console.
  2. In the navigation pane, choose 'Databases'.
  3. Select the identified MariaDB DB instance that requires log publishing to be enabled.
  4. Choose 'Modify'.
  5. In the 'Database Options' section, locate the 'Log Exports' setting.
  6. Select 'error' from the available log types to enable MariaDB error logs.
  7. Scroll to the bottom of the page and choose 'Continue'.
  8. On the summary page, review your changes. Select 'Apply immediately' to enable logging right away, or choose to apply them during the next maintenance window.
  9. Click 'Modify DB Instance' to apply the changes.
  10. For detailed guidance, refer to the AWS documentation: 'Publishing MariaDB logs to Amazon CloudWatch Logs' in the Amazon RDS User Guide.
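
The check and the change made in steps 1 to 9 can also be expressed against the RDS API. The following is an added example, not part of the original control text or AWS's own code: it evaluates records shaped like `DescribeDBInstances` output and builds the matching `ModifyDBInstance` parameters. The instance identifiers and sample records are constructed for illustration, and the function names are hypothetical.

```python
# Added example: evaluates this control over DescribeDBInstances-shaped records.
REQUIRED_LOG_TYPES = {"error"}  # the log type the control requires


def missing_log_types(instance):
    """Return required log types a MariaDB instance does not export."""
    if instance.get("Engine") != "mariadb":
        return set()  # the control applies only to RDS for MariaDB
    # The key may be absent or empty when no log exports are enabled.
    enabled = set(instance.get("EnabledCloudwatchLogsExports") or [])
    return REQUIRED_LOG_TYPES - enabled


def evaluate(instances):
    """Map each MariaDB instance identifier to PASSED or FAILED."""
    return {
        i["DBInstanceIdentifier"]: "FAILED" if missing_log_types(i) else "PASSED"
        for i in instances
        if i.get("Engine") == "mariadb"
    }


def remediation_request(instance, apply_immediately=True):
    """Build ModifyDBInstance parameters enabling the missing log exports."""
    missing = missing_log_types(instance)
    if not missing:
        return None  # compliant or out of scope: nothing to change
    return {
        "DBInstanceIdentifier": instance["DBInstanceIdentifier"],
        # EnableLogTypes adds to the existing exports; it does not replace them.
        "CloudwatchLogsExportConfiguration": {"EnableLogTypes": sorted(missing)},
        "ApplyImmediately": apply_immediately,
    }


# Constructed sample records (not real instances).
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "example-mariadb-a", "Engine": "mariadb",
     "EnabledCloudwatchLogsExports": ["error", "slowquery"]},
    {"DBInstanceIdentifier": "example-mariadb-b", "Engine": "mariadb",
     "EnabledCloudwatchLogsExports": ["audit"]},
    {"DBInstanceIdentifier": "example-mariadb-c", "Engine": "mariadb"},
    {"DBInstanceIdentifier": "example-postgres", "Engine": "postgres"},
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_INSTANCES))
    for inst in SAMPLE_INSTANCES:
        req = remediation_request(inst)
        if req:
            print(req)  # with boto3: boto3.client("rds").modify_db_instance(**req)
```

Setting `apply_immediately=False` corresponds to deferring the change to the next maintenance window in step 8.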

Compliance

NIST 800-53