AWS Config Rule: DocumentDB Cluster Audit Logging Enabled

DOCDB_CLUSTER_AUDIT_LOGGING_ENABLED

Eduardo Van Cauteren

Last Update 3 months ago

Description: Checks if an Amazon DocumentDB (with MongoDB compatibility) instance cluster has CloudWatch log export enabled for audit logs. The rule is NON_COMPLIANT if an Amazon DocumentDB instance cluster does not have CloudWatch log export enabled for audit logs.


Trigger type: Configuration changes


AWS Region: Only available in the Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), Europe (Ireland), Europe (Frankfurt), South America (Sao Paulo), US East (N. Virginia), Asia Pacific (Seoul), Europe (London), Europe (Milan), Asia Pacific (Tokyo), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central) and China (Ningxia) Regions


How to Resolve Manually

This Config rule checks whether a DocumentDB cluster is publishing its audit logs to Amazon CloudWatch Logs. Any cluster found with audit log export disabled is marked NON_COMPLIANT.


To resolve this, open the Amazon DocumentDB service in the AWS Console, search for the cluster that is out of compliance and click its name. From there, open the Configuration tab and click the Modify button.


Locate the Log exports card and enable Audit logs for that cluster.

Click Continue, review the changes, choose when the modification should be applied (immediately or during the next maintenance window) and finally click the Modify cluster button.

Check the following screenshot as reference:
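The same check and remediation can be scripted. The block below is an added example, not StackZone's or AWS's code: it reproduces the rule's logic over the shape of an `aws docdb describe-db-clusters` response and builds the `modify-db-cluster` parameters that turn on the audit export; the cluster names are constructed.

```python
"""Evaluate DocumentDB clusters the way DOCDB_CLUSTER_AUDIT_LOGGING_ENABLED does.

Added example (not StackZone or AWS code). Works on the shape of the
`aws docdb describe-db-clusters` response and builds parameters for
`aws docdb modify-db-cluster`. Cluster identifiers below are constructed.
"""
import json
from typing import Optional

AUDIT_LOG_TYPE = "audit"


def evaluate_cluster(cluster: dict) -> str:
    """COMPLIANT when the cluster exports audit logs to CloudWatch Logs."""
    exports = cluster.get("EnabledCloudwatchLogsExports", [])
    return "COMPLIANT" if AUDIT_LOG_TYPE in exports else "NON_COMPLIANT"


def evaluate_response(describe_response: dict) -> dict:
    """Map DBClusterIdentifier -> compliance for a describe-db-clusters response."""
    return {c["DBClusterIdentifier"]: evaluate_cluster(c)
            for c in describe_response.get("DBClusters", [])}


def remediation_params(cluster: dict) -> Optional[dict]:
    """modify_db_cluster parameters that add the audit export, or None if compliant.

    Caveat: the export only carries data if the cluster parameter group also
    has audit_logs=enabled; that parameter is not checked by this Config rule.
    """
    if evaluate_cluster(cluster) == "COMPLIANT":
        return None
    return {
        "DBClusterIdentifier": cluster["DBClusterIdentifier"],
        "CloudwatchLogsExportConfiguration": {"EnableLogTypes": [AUDIT_LOG_TYPE]},
        "ApplyImmediately": True,
    }


# Constructed sample shaped like `aws docdb describe-db-clusters` output.
SAMPLE_RESPONSE = {"DBClusters": [
    {"DBClusterIdentifier": "orders-docdb", "EnabledCloudwatchLogsExports": ["audit"]},
    {"DBClusterIdentifier": "analytics-docdb", "EnabledCloudwatchLogsExports": ["profiler"]},
    {"DBClusterIdentifier": "legacy-docdb"},  # key is absent when nothing is exported
]}

if __name__ == "__main__":
    for name, status in evaluate_response(SAMPLE_RESPONSE).items():
        print(f"{name}: {status}")
    for c in SAMPLE_RESPONSE["DBClusters"]:
        params = remediation_params(c)
        if params:
            # CLI equivalent: aws docdb modify-db-cluster --db-cluster-identifier <id>
            #   --cloudwatch-logs-export-configuration EnableLogTypes=audit --apply-immediately
            print(json.dumps(params))
```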


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our How it works section with easy-to-follow videos, or just create your own StackZone account here.
