How do I turn on audit logging for my Amazon Aurora MySQL DB cluster and publish the logs to CloudWatch?

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Use Advanced Auditing to record and audit database events such as connections, disconnections, queried tables, and query type. You can use Advanced Auditing for Aurora, Aurora with parallel query support, and Aurora Serverless database capacity types.

If you use Amazon Relational Database Service (Amazon RDS) for MySQL or MariaDB, then see How can I activate audit logging for an Amazon RDS for MySQL or MariaDB instance and publish the logs to CloudWatch?

To use audit logging, activate Advanced Auditing. Then, publish the logs to CloudWatch.

Activate Advanced Auditing

Complete the following steps:

1. Create a custom DB cluster parameter group.
2. Modify the parameters for Advanced Auditing.
3. Modify the cluster to associate the new custom DB parameter group with your Aurora MySQL-Compatible DB cluster.

The parameters are dynamic, so you don't need to reboot your DB cluster. If you change the default parameter group to a custom parameter group, then you must manually reboot the DB instance.

Publish the logs to CloudWatch

To publish the Advanced Auditing logs to CloudWatch, use the Amazon RDS console or the AWS CLI. Or, set the value for the cluster DB server_audit_logs_upload parameter to 1. The default value for the parameter is 0.

Use CloudWatch to monitor the log events.

Note: For audit data to appear in the logs, you must use the server_audit_events parameter to define one or more types of events to audit.

For more information about the type of information that you can find in the log files, see Audit log details.

Related information

Auditing an Amazon Aurora cluster

Publishing Amazon Aurora MySQL logs to Amazon CloudWatch Logs