Assign the Parameter group to your RDS PostgreSQL database instance (RDS Instance → Configuration → Modify → database’s Additional Configuration → DB parameter group).Create an RDS Parameter Group and change the default parameter values to the values shown below: Parameter name.Enabling the pgAudit extension on an AWS RDS instance running PostgreSQL After you enable the pgAudit extension, you can configure the pgaudit.log parameter to audit specific databases, roles, tables, and columns. The pgaudit plugin provides detailed session and object audit logging for Amazon RDS PostgreSQL. For more detailed and structured information, you can use the pgaudit extension ( ), which you can also configure. The standard logging facility shows what the user requested. It must also be possible to find particular statements that are of interest to an auditor. It is not enough to have a list of all the operations performed against the database. This is acceptable for monitoring and other usages but does not provide the level of detail generally required for an audit. Basic statement logging can be provided by the standard logging facility with log_statement = all. There are different parameters that you can set to log activity on your AWS RDS PostgreSQL database. This article will focus on the native auditing of an AWS RDS PostgreSQL database. Theoretically, all these demands can be fulfilled using native database audit mechanisms. The general idea of database auditing is to know who and when accessed your database tables, and what modifications were done to them. ![]() Good audit logging is one important tool in the belt of a security-aware data professional. It also affects you professionally as a person who works with data, you are that ‘someone’ for your customers. This affects you personally as a customer of those companies – you want someone to take good care of your data. Today it is almost unsurprising to see another headline related to data breaches or data privacy.
0 Comments
Leave a Reply. |