Logging and monitoring

Redshift audit logging is disabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

An Amazon Redshift cluster consists of nodes. Each cluster has a leader node and one or more compute nodes. The leader node receives queries from client applications, parses the queries, and develops query execution plans. The leader node coordinates the parallel execution of these plans with the compute nodes and aggregates the intermediate results from these nodes. It then finally returns the results back to the client applications. It was found that the Redshift cluster {AwsRedshiftCluster} has audit logging disabled. Enabling the cluster's audit logs will enable Connection log and User logs. To enables user activity logs you need to enable 'enable_user_activity_logging' parameter as well. The audit logs are stored in AWS S3 bucket and are useful for security and troubleshooting purposes.

  • Recommended Mitigation

    It is recommended to enable audit logging. To enable audit logging, follow the instructions at: <a href="https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.