Medium
RDS
Regional
RDS for PostgreSQL DB instances should publish logs to CloudWatch Logs
PCI DSS v4.0.1, PCI DSS 10.4.2
Description
Checks if Amazon RDS for PostgreSQL DB instances are configured to publish logs to Amazon CloudWatch Logs. The control fails if the PostgreSQL DB instance is not configured to publish the 'postgresql' log type to CloudWatch Logs.
Remediation
To publish PostgreSQL DB instance logs to CloudWatch Logs, follow these steps:
Steps
- Sign in to the AWS Management Console and open the Amazon RDS console.
- In the navigation pane, choose 'Databases'.
- Select the identified PostgreSQL DB instance that requires log publishing to be enabled.
- Choose 'Modify'.
- In the 'Database Options' section, locate the 'Log Exports' setting.
- Select 'postgresql' from the available log types to enable PostgreSQL logs.
- Scroll to the bottom of the page and choose 'Continue'.
- On the summary page, review your changes. Select 'Apply immediately' to enable logging right away, or choose to apply them during the next maintenance window.
- Click 'Modify DB Instance' to apply the changes.
- For detailed guidance, refer to the AWS documentation: 'Publishing PostgreSQL logs to Amazon CloudWatch Logs' in the Amazon RDS User Guide.
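The pass/fail condition from the Description can also be checked across many instances at once. The following is an added example, not part of the original control text or of any AWS tooling: it evaluates records shaped like the RDS DescribeDBInstances response and builds the ModifyDBInstance parameters that correspond to the console steps above. The instance identifiers are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample shaped like the "DBInstances" list returned by the RDS
# DescribeDBInstances API; the identifiers are made up for illustration.
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-pg", "Engine": "postgres",
     "EnabledCloudwatchLogsExports": ["postgresql", "upgrade"]},
    {"DBInstanceIdentifier": "billing-pg", "Engine": "postgres",
     "EnabledCloudwatchLogsExports": ["upgrade"]},
    {"DBInstanceIdentifier": "legacy-pg", "Engine": "postgres"},  # key absent: nothing exported
    {"DBInstanceIdentifier": "web-mysql", "Engine": "mysql",
     "EnabledCloudwatchLogsExports": ["error"]},
]

REQUIRED_LOG_TYPE = "postgresql"


def evaluate(instances):
    """Return {identifier: "PASSED" | "FAILED"} for RDS for PostgreSQL instances only."""
    results = {}
    for inst in instances:
        if inst.get("Engine") != "postgres":
            continue  # other engines are out of scope for this control
        exports = inst.get("EnabledCloudwatchLogsExports") or []
        results[inst["DBInstanceIdentifier"]] = (
            "PASSED" if REQUIRED_LOG_TYPE in exports else "FAILED")
    return results


def remediation_request(identifier, apply_immediately=True):
    """Build ModifyDBInstance parameters that enable the 'postgresql' log export."""
    return {
        "DBInstanceIdentifier": identifier,
        "CloudwatchLogsExportConfiguration": {"EnableLogTypes": [REQUIRED_LOG_TYPE]},
        "ApplyImmediately": apply_immediately,
    }


def plan(instances):
    """Remediation requests for every failing instance, in input order."""
    return [remediation_request(name)
            for name, status in evaluate(instances).items() if status == "FAILED"]


if __name__ == "__main__":
    for name, status in evaluate(SAMPLE_INSTANCES).items():
        print(f"{status:7} {name}")
    for req in plan(SAMPLE_INSTANCES):
        # With credentials: boto3.client("rds").modify_db_instance(**req)
        print("would modify:", req)
```

Setting `apply_immediately=False` defers the change to the next maintenance window, matching the choice offered on the console summary page.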
Compliance
PCI DSS v4.0.1, PCI DSS 10.4.2