Ensure that your Amazon Aurora Serverless database clusters (MySQL-compatible edition) have the Log Exports feature enabled in order to publish general logs, slow query logs, audit logs and error logs directly to AWS CloudWatch. Aurora Serverless is an auto-scaling configuration for Amazon Aurora where the database automatically starts up, shuts down and scales capacity up or down based on your workload. The Aurora Serverless Log Exports feature supports the following log types:
Error log – contains diagnostic messages generated by the Aurora database engine, together with startup and shutdown times.
General query log – contains a record of all SQL statements received from clients, plus the client connect and disconnect times.
Slow query log – contains a record of SQL statements that took longer than expected to execute.
Audit log – contains Aurora database activity events such as successful and failed authentication attempts, necessary for audit purposes.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
As soon as the Log Exports feature is enabled, Amazon Aurora Serverless starts publishing general, slow query, audit and error logs from your Aurora databases to AWS CloudWatch Logs. By sending this logging data to Amazon CloudWatch, you gain continuous visibility into database activity, query performance and errors that occurred within your Aurora Serverless databases. To augment the feature's functionality, you can set up CloudWatch alarms to notify you of frequent restarts, which are recorded in the error log, or alarms on audit log events that can alert you to unwanted changes made to your Aurora databases. You can also create AWS CloudWatch alarms to monitor the slow query log and enable timely detection of long-running SQL queries. Additionally, you can use Amazon CloudWatch Logs to perform ad hoc searches across multiple logs published by Aurora Serverless Log Exports – this capability is particularly useful for troubleshooting and compliance auditing.
To determine if your Amazon Aurora Serverless MySQL-compatible database clusters have the Log Exports feature enabled, perform the following actions:
Remediation / Resolution
To enable the Log Exports feature for your existing Amazon Aurora Serverless database clusters, perform the following instructions:
Note: Enabling the Aurora Serverless Log Exports feature using the AWS Management Console is not currently supported.
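The audit and remediation described above can be scripted against the JSON returned by `aws rds describe-db-clusters`. The following is an added example, not code from the original page: the cluster names and sample data are constructed, and treating the engine values `aurora` and `aurora-mysql` as the MySQL-compatible edition is an assumption.

```python
import json
import shlex

# The four log types this rule expects to be exported to CloudWatch Logs.
REQUIRED_LOG_TYPES = ("audit", "error", "general", "slowquery")
# Assumption: these Engine values identify the MySQL-compatible edition.
MYSQL_ENGINES = {"aurora", "aurora-mysql"}

def audit_clusters(describe_output):
    """Map each non-compliant serverless cluster id to its missing log types."""
    findings = {}
    for cluster in describe_output.get("DBClusters", []):
        if cluster.get("EngineMode") != "serverless":
            continue  # provisioned clusters are out of scope for this rule
        if cluster.get("Engine") not in MYSQL_ENGINES:
            continue  # the rule covers the MySQL-compatible edition only
        # The key is absent when no log type is exported at all.
        enabled = set(cluster.get("EnabledCloudwatchLogsExports") or [])
        missing = [t for t in REQUIRED_LOG_TYPES if t not in enabled]
        if missing:
            findings[cluster["DBClusterIdentifier"]] = missing
    return findings

def remediation_command(cluster_id, missing):
    """Build the AWS CLI call that enables only the missing log types."""
    config = json.dumps({"EnableLogTypes": missing}, separators=(",", ":"))
    return " ".join([
        "aws rds modify-db-cluster",
        "--db-cluster-identifier", shlex.quote(cluster_id),
        "--cloudwatch-logs-export-configuration", shlex.quote(config),
        "--apply-immediately",
    ])

# Constructed sample, shaped like `aws rds describe-db-clusters` output.
SAMPLE = {"DBClusters": [
    {"DBClusterIdentifier": "orders-serverless", "Engine": "aurora-mysql",
     "EngineMode": "serverless", "EnabledCloudwatchLogsExports": ["error"]},
    {"DBClusterIdentifier": "billing-serverless", "Engine": "aurora",
     "EngineMode": "serverless"},
    {"DBClusterIdentifier": "reports-serverless", "Engine": "aurora-mysql",
     "EngineMode": "serverless",
     "EnabledCloudwatchLogsExports": ["audit", "error", "general", "slowquery"]},
    {"DBClusterIdentifier": "legacy-provisioned", "Engine": "aurora-mysql",
     "EngineMode": "provisioned"},
]}

if __name__ == "__main__":
    for cluster_id, missing in audit_clusters(SAMPLE).items():
        print(f"{cluster_id}: missing {missing}")
        print("  " + remediation_command(cluster_id, missing))
```

To audit a real account, replace `SAMPLE` with the parsed output of `aws rds describe-db-clusters --output json` for each region you use.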
You are auditing:
Enable Serverless Log Exports
Risk level: Low