Logging and monitoring

Redshift activity logging is disabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

An Amazon Redshift cluster consists of nodes: a leader node and one or more compute nodes. The leader node receives queries from client applications, parses them, and develops query execution plans. It coordinates the parallel execution of these plans with the compute nodes, aggregates their intermediate results, and returns the final results to the client applications.

It was found that the Redshift cluster {AwsRedshiftCluster} had user activity logging disabled. The user activity log records each query before it is run on the database. These logs are useful for troubleshooting issues and for tracking the queries run against the database by both users and the system.

Recommended Mitigation

It is recommended to enable user activity logging. To do so, enable the cluster's audit logging and set the parameter 'enable_user_activity_logging' to True. The default parameter group cannot be modified, so to use parameter values that differ from its defaults you must create a custom parameter group and associate your cluster with it. You might need to restart the cluster for the updated parameter values to take effect.
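
The following check is an added example, not part of the original finding or of any AWS tooling. It turns the mitigation above into a list of steps a cluster still needs, using the boto3 Redshift calls `describe_clusters`, `describe_logging_status` and `describe_cluster_parameters`. The `FakeRedshift` class, the cluster and group names, and the `default.` name prefix test are constructed assumptions so the code runs offline.

```python
DEFAULT_PREFIX = "default."  # assumption: default groups are named like "default.redshift-1.0"

def param_value(redshift, group_name, wanted="enable_user_activity_logging"):
    """Read one parameter from a parameter group, following pagination markers."""
    kwargs = {"ParameterGroupName": group_name}
    while True:
        page = redshift.describe_cluster_parameters(**kwargs)
        for p in page.get("Parameters", []):
            if p["ParameterName"] == wanted:
                return p.get("ParameterValue")
        if not page.get("Marker"):
            return None
        kwargs["Marker"] = page["Marker"]

def remediation_steps(redshift, cluster_id):
    """Return the mitigation steps a cluster still needs (empty list = compliant)."""
    steps = []
    cluster = redshift.describe_clusters(ClusterIdentifier=cluster_id)["Clusters"][0]
    # Audit logging must be on, or the user activity log is never delivered.
    if not redshift.describe_logging_status(ClusterIdentifier=cluster_id).get("LoggingEnabled"):
        steps.append("enable audit logging")
    for group in cluster.get("ClusterParameterGroups", []):
        name = group["ParameterGroupName"]
        if str(param_value(redshift, name)).lower() != "true":
            if name.startswith(DEFAULT_PREFIX):
                # The default group cannot be modified, so a custom one is needed.
                steps.append("create a custom parameter group with "
                             "enable_user_activity_logging=true and associate it")
            else:
                steps.append(f"set enable_user_activity_logging=true in {name}")
        elif group.get("ParameterApplyStatus") == "pending-reboot":
            steps.append("reboot the cluster to apply the parameter change")
    return steps

class FakeRedshift:
    """Constructed stand-in for boto3.client('redshift'), so the check runs offline."""
    def __init__(self, group, value, logging_enabled, status="in-sync"):
        self.group, self.value = group, value
        self.logging_enabled, self.status = logging_enabled, status
    def describe_clusters(self, ClusterIdentifier):
        return {"Clusters": [{"ClusterIdentifier": ClusterIdentifier, "ClusterParameterGroups": [
            {"ParameterGroupName": self.group, "ParameterApplyStatus": self.status}]}]}
    def describe_logging_status(self, ClusterIdentifier):
        return {"LoggingEnabled": self.logging_enabled}
    def describe_cluster_parameters(self, ParameterGroupName, Marker=None):
        return {"Parameters": [{"ParameterName": "enable_user_activity_logging",
                                "ParameterValue": self.value}]}

if __name__ == "__main__":
    print(remediation_steps(FakeRedshift("default.redshift-1.0", "false", False), "example-cluster"))
```

Against a live account, pass `boto3.client("redshift")` in place of `FakeRedshift`; the caller needs read-only describe permissions for those three calls.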