Monitoring RDS IAM Authentication in CloudTrail
Hello, I would like to get more information on how to monitor RDS authentication requests using CloudTrail. As per the documentation, CloudTrail events record all the activities happening in the cloud, either via the console or via the API. When we enable IAM authentication for the database in RDS, we are able to generate a token that can be used to access the db. To generate the token, I am using the aws-cli generate-db-auth-token command.
What will the event in CloudTrail look like for such a request? Does that event include any details about the requester?
Hi. We had exactly the same question and the response we received from AWS support was that CloudTrail tracks API calls but generate-db-auth-token works locally and does not make any API calls, so CloudTrail can't track it. Apparently this capability is on the backlog of feature requests but no ETA at present.