AWS Config Rule: Redshift Cluster Audit Logging Enabled


Eduardo Van Cauteren

Last Update 7 months ago

Description: Checks if Amazon Redshift clusters are logging audits to a specific bucket. The rule is NON_COMPLIANT if audit logging is not enabled for a Redshift cluster or if the 'bucketNames' parameter is provided but the audit logging destination does not match.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region

Amazon Redshift stores system logs in system tables and views with a retention period of up to seven days. These logs help with monitoring database security and troubleshooting database issues.

To store the logs for a longer duration, turn on the audit logging feature of Amazon Redshift. Logs can be stored in Amazon Simple Storage Service (Amazon S3) buckets or Amazon CloudWatch. Amazon CloudWatch has features to visualize audit logging data.

How to Resolve Manually

This rule checks whether Redshift audit logging is enabled in any of its allowed forms, that is, to an S3 bucket or to CloudWatch. If it is disabled, the Config rule is marked as non-compliant.
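The compliance decision described above can be reproduced against the Redshift `DescribeLoggingStatus` response. This is an added example, not StackZone's or AWS's own rule code. It assumes `bucketNames` is a comma-separated list and that a CloudWatch destination does not match when `bucketNames` is set. The cluster and bucket names are constructed.

```python
def evaluate(status, bucket_names=""):
    """Classify one DescribeLoggingStatus response the way the rule is described."""
    # Assumption: bucketNames is a comma-separated list of allowed S3 buckets.
    allowed = {b.strip() for b in bucket_names.split(",") if b.strip()}
    if not status.get("LoggingEnabled", False):
        return "NON_COMPLIANT"  # audit logging is off
    # Assumption: a CloudWatch destination has no BucketName, so it cannot match.
    if allowed and status.get("BucketName") not in allowed:
        return "NON_COMPLIANT"  # logging is on, but to an unapproved destination
    return "COMPLIANT"


def audit_account(bucket_names="", region=None):
    """Live check. Needs boto3 plus redshift:DescribeClusters and
    redshift:DescribeLoggingStatus permissions."""
    import boto3  # imported here so the offline samples run without it

    client = boto3.client("redshift", region_name=region)
    results = {}
    for page in client.get_paginator("describe_clusters").paginate():
        for cluster in page["Clusters"]:
            cid = cluster["ClusterIdentifier"]
            status = client.describe_logging_status(ClusterIdentifier=cid)
            results[cid] = evaluate(status, bucket_names)
    return results


# Constructed sample responses (not taken from a real account).
SAMPLES = {
    "analytics-prod": {"LoggingEnabled": True, "BucketName": "audit-logs-central",
                       "S3KeyPrefix": "redshift/", "LogDestinationType": "s3"},
    "analytics-dev": {"LoggingEnabled": False},
    "reporting": {"LoggingEnabled": True, "BucketName": "team-scratch",
                  "LogDestinationType": "s3"},
    "etl": {"LoggingEnabled": True, "LogDestinationType": "cloudwatch",
            "LogExports": ["connectionlog", "userlog", "useractivitylog"]},
}


def evaluate_samples(bucket_names=""):
    """Run the rule logic over the constructed samples."""
    return {name: evaluate(s, bucket_names) for name, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples("audit-logs-central").items():
        print(f"{name}: {verdict}")
```
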

To resolve this manually, go to the Amazon Redshift console, click Clusters, and choose the cluster you want to update. Open the Properties tab, click the Edit button in the Database configurations card, and choose Edit audit logging from the menu.

On this screen you can turn the audit logging feature on and choose to store the logs in an S3 bucket or CloudWatch, among other options. Once you have chosen the desired values, click Save changes to make this rule compliant. Check the following screenshot as a reference:
