An RDS instance is compliant if historical event logging is enabled for the instance.
Scenarios
After you enable historical events for an RDS instance, you can view operation logs for compliance audits and troubleshooting.
Risk level
Default risk level: Low.
You can change the risk level as needed.
Detection logic
- An RDS instance is considered compliant if historical event logging is enabled.
- An RDS instance is considered non-compliant if historical event logging is disabled.
Rule details
| Parameter | Description |
| --- | --- |
| Rule name | Enable historical events for an RDS instance |
| Rule identifier | rds-event-log-enabled |
| Tag | RDS, AuditBaseline |
| Auto-remediation | Supported |
| Rule trigger mechanism | Periodic execution |
| Trigger frequency | 24 hours |
| Supported resource types | RDS instance |
| Rule input parameters | None |
Remediation
Enable historical events for your RDS instance. For more information, see Historical events.