Aurora RDS Audit log

Dear Customer,

Thanks for reaching out to AWS re:Post. Adding to the answer that was previously posted I wanted to add that excluding select in Aurora MySQL auditing with QUERY_DML is not possible out of the box natively. Excerpt from the link below->

"QUERY_DML – Similar to the QUERY event, but returns only data manipulation language (DML) queries (INSERT, UPDATE, and so on, and also SELECT)."

[] Using Advanced Auditing with an Amazon Aurora MySQL DB cluster - server_audit_events - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Auditing.html#AuroraMySQL.Auditing.Enable.server_audit_events

Also the link below shows the demo

https://aws.amazon.com/premiumsupport/knowledge-center/rds-mysql-high-replica-lag/#:~:text=Amazon%20RDS%20for%20MySQL%20uses,you%20can%20monitor%20replication%20lag.

I sincerely hope we were able to answer your queries. We are innovating every day and your requests are duly noted by the AWS team to better and improve the services. Thank You!

Hello Guillermo Pisqui

I completely see why you want Cloudwatch to save these queries to the log pool based on the information provided.However you have to note that you will exclude all other DML queries logging as (SELECT, INSERT, UPDATE e.i).Only with RDS MySQL are they able to exclude SELECT queries exclusively with setting like :

           SERVER_AUDIT_EVENTS = QUERY_DML_NO_SELECT

This parameter defaults to OFF; set it to ON to enable Advanced Auditing.To exclude the SELECT’s you can use the “server_audit_events” setting and set it to “QUERY_DML”.In the parameter group do settings like:

                   SERVER_AUDIT_EVENTS = QUERY_DML      

Reference:

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Auditing.html#AuroraMySQL.Auditing.Enable.server_audit_events