{Aurora}Amazon Aurora MySQL DB クラスターでの高度な監査の使用

-- 高度な監査の有効化

# Create a custom DB cluster parameter group for the aurora-mysql5.7 family,
# then switch advanced auditing on in that group.
param_group=cpg01

aws rds create-db-cluster-parameter-group \
  --db-cluster-parameter-group-name "$param_group" \
  --db-parameter-group-family aurora-mysql5.7 \
  --description "$param_group"

# server_audit_logging=ON only enables the audit log. Which event classes and
# which users are recorded is set by the other server_audit_* parameters.
aws rds modify-db-cluster-parameter-group \
  --db-cluster-parameter-group-name "$param_group" \
  --parameters "ParameterName=server_audit_logging,ParameterValue=ON,ApplyMethod=immediate"


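# Write the remaining audit settings to a.json and apply them to cpg01.
# The file is produced with a here-document instead of an interactive editor
# session, so the step can be pasted or scripted as written.
#
#   server_audit_events     - event classes to record (CONNECT, QUERY, TABLE).
#   server_audit_incl_users - limits auditing to the listed users. With only
#                             "root" listed, statements run by other accounts
#                             are not recorded. Per the Aurora documentation,
#                             leaving it empty audits every user; confirm the
#                             scope matches what the audit is meant to cover.
cat > a.json <<'EOF'
[
  {
    "ParameterName": "server_audit_events",
    "ParameterValue": "CONNECT,QUERY,TABLE",
    "ApplyMethod": "immediate"
  },
  {
    "ParameterName": "server_audit_incl_users",
    "ParameterValue": "root",
    "ApplyMethod": "immediate"
  }
]
EOF

aws rds modify-db-cluster-parameter-group \
  --db-cluster-parameter-group-name cpg01 \
  --parameters file://a.json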

 

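# Create the Aurora MySQL cluster with the auditing parameter group attached,
# then add one instance to it.
#
# The master password is prompted for instead of being written into the
# command. A literal in these notes ends up in shell history and in every copy
# of the notes, and a guessable value on the master account undermines the
# audit trail it is meant to protect. The value is still passed on the aws
# command line, so it is briefly visible to local process listings;
# --manage-master-user-password (Secrets Manager) avoids handling it at all
# where the engine version supports it. `read -s` requires bash.
#
# Audit files kept on the instance are rotated; adding
# `--enable-cloudwatch-logs-exports audit` to create-db-cluster also publishes
# them to CloudWatch Logs.
master_password=
IFS= read -rs -p 'Master user password: ' master_password
printf '\n' >&2

if [ -z "$master_password" ]; then
  # Refuse to create a cluster with an empty master password.
  printf 'No master password entered; cluster not created.\n' >&2
else
  # Only create the instance once the cluster it belongs to exists.
  aws rds create-db-cluster \
    --db-cluster-identifier cluster12 \
    --engine aurora-mysql \
    --engine-version 5.7.mysql_aurora.2.10.0 \
    --master-username root \
    --master-user-password "$master_password" \
    --db-cluster-parameter-group-name cpg01 \
    && aws rds create-db-instance \
      --db-instance-identifier cluster12-instance01 \
      --db-cluster-identifier cluster12 \
      --db-instance-class db.t3.small \
      --engine aurora-mysql \
      --no-auto-minor-version-upgrade
fi

# Do not leave the secret in the shell environment after use.
unset master_password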

 


-- 監査ログの表示

# List the log files on the instance. The audit file fetched below is under audit/.
instance_id=cluster12-instance01
audit_log=audit/audit.log.2.2021-07-23-11-55.0

aws rds describe-db-log-files --db-instance-identifier "$instance_id"

# Fetch one audit file from its beginning (--starting-token 0) as plain text
# and save it as audit.txt. Because QUERY events are audited, the file holds
# the text of the recorded statements; treat the local copy as sensitive.
aws rds download-db-log-file-portion \
  --db-instance-identifier "$instance_id" \
  --log-file-name "$audit_log" \
  --starting-token 0 \
  --output text > audit.txt


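★server_audit_incl_users で監査対象ユーザを指定しているが、rdsadmin のレコードも監査ログに含まれてしまう。AWS のドキュメントでは接続/切断イベントはこのパラメータの影響を受けず常に記録されるとされているため、rdsadmin の CONNECT 行が出力されている可能性が高い（要確認）。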