Ensure DocDB has audit logs enabled
Ensure that audit logging is enabled on your Amazon DocumentDB.When Enabled, it records Data Definition Language (DDL), authentication, authorization, and user management events to Amazon CloudWatch Logs. Also, Amazon DocumentDB exports your cluster's auditing records (JSON documents) to Amazon CloudWatch Logs which you can use to analyze, monitor, and archive your Amazon DocumentDB auditing events.Importantly, You can audit logged events of successful and failed authentication attempts, dropping a collection in a database, or creating an index.
Risk Level: Low
Cloud Entity: AWS DocDB DBCluster
CloudGuard Rule ID: D9.CFT.LOG.10
Covered by Spectral: No
Category: Database
GSL LOGIC
AWS_DocDB_DBCluster should have EnableCloudwatchLogsExports contain-any['audit']
REMEDIATION
From CFT
Supply AWS::DocDB::DBCluster::EnableCloudwatchLogsExports with ["audit"]
See below example;
Resources:
myDBInstance:
Type: "AWS::DocDB::DBCluster"
Properties:
...
EnableCloudwatchLogsExports : ["audit"]
...
References
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbcluster.html#cfn-docdb-dbcluster-enablecloudwatchlogsexports
- https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html#event-auditing-enabling-auditing
AWS DocDB DBCluster
The AWS::DocDB::DBCluster Amazon DocumentDB (with MongoDB compatibility) resource describes a DBCluster. Amazon DocumentDB is a fully managed, MongoDB-compatible document database engine.
Compliance Frameworks
- AWS CloudFormation ruleset
Updated over 1 year ago