Configure CloudTrail for Redshift Cluster

0

Hi All, has anyone tried to configure CloudTrail for Redshift? We are trying to do this to get the IAM user activity of whoever runs queries in Query Editor v2.

We have found a few docs and followed the steps to configure CloudTrail, but we can't get the logs we are looking for. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-tutorial.html https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html

This is the doc we have found that shows CloudTrail can integrate with Redshift, and that it can get the log result for Query Editor v2. https://docs.aws.amazon.com/redshift/latest/mgmt/logging-with-cloudtrail.html

But it doesn't show the steps for how to log the calls with CloudTrail.

Looking forward to the guidance from you all, so that we can learn together.

Thanks.

2 Answers
0

Here are step-by-step instructions to log your Amazon Redshift cluster calls with AWS CloudTrail:

Create an S3 Bucket for CloudTrail Logs

You need to create an S3 bucket to store the CloudTrail logs generated by Amazon Redshift. CloudTrail will use this bucket to store log files that capture API calls and events associated with your Redshift cluster.

  • Go to the Amazon S3 console.
  • Click on "Create bucket".
  • Enter a unique bucket name, e.g., eg-redshift-cloudtrail-logs.
  • Choose the AWS Region where your Redshift cluster is located.
  • Click "Create bucket".

Create a CloudTrail Trail

If you create a CloudTrail trail, you can have continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Redshift. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history.

  • Go to the CloudTrail console.
  • Click on "Trails" in the left navigation pane.
  • Click "Create trail".
  • Enter a trail name like eg-redshift-trail.
  • Choose the S3 bucket created earlier (eg-redshift-cloudtrail-logs) as the storage location for logs.
  • Configure other settings as needed and click "Create".

Configure Redshift Integration

Configuring Redshift integration allows Redshift to send audit logs to CloudTrail. This ensures that the SQL queries and other activities performed in Redshift (including those from Query Editor v2) are captured by CloudTrail.

  • Navigate to the Amazon Redshift console.
  • Select your cluster, go to the "Properties" tab.
  • Under the "Cluster Auditing and Logging" section, enable logging.
  • Choose the CloudTrail trail you created earlier (eg-redshift-trail).

Go to the IAM Roles console.

IAM roles are used to grant permissions to entities in AWS. You need to ensure that the IAM role associated with Redshift has the necessary permissions to write logs to the specified S3 bucket and read CloudTrail trails.

  • Find and select the IAM role used by Redshift (e.g., eg-redshift-role).
  • Attach policies like AmazonS3ReadOnlyAccess to allow Redshift to access the S3 bucket for CloudTrail logs.

Verify CloudTrail Logs

After setting up CloudTrail and Redshift integration, verify that the configuration is working as expected. This step involves performing actions in Redshift (e.g., running queries) and then checking the CloudTrail logs to ensure that the actions are captured.

  • Perform actions in Redshift, such as running queries using Query Editor v2.
  • Go back to the CloudTrail console.
  • Click on "Event history" to view the captured events and IAM user activity.

AWS

answered 6 months ago
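The last step of the answer above ("Verify CloudTrail Logs") is the one a defender actually repeats: pull the gzipped JSON files CloudTrail delivers to the trail's S3 bucket and attribute each Redshift-related API call to an IAM principal. The script below is an added example written for this thread; it is not code from the answer, from the question, or from AWS. It assumes the log-file layout CloudTrail documents (a JSON object with a `Records` array, gzip-compressed) and it assumes three `eventSource` values: `redshift.amazonaws.com` for the cluster management API, `redshift-data.amazonaws.com` for the Data API, and `sqlworkbench.amazonaws.com` for Query Editor v2 (the `sqlworkbench` namespace is the IAM service prefix used by Query Editor v2; confirm the exact value against the linked "Logging with CloudTrail" doc before relying on it). The sample log file, account id, ARNs, IP addresses and event names are constructed for the example. Note what CloudTrail does and does not give you: it records the API call, the caller's identity and source IP, not the SQL statement text; the statement text comes from Redshift's own audit logging (the user activity log) or the `SYS_QUERY_HISTORY` system view.

```python
"""Triage CloudTrail log files for Redshift and Query Editor v2 activity.

Added example for this thread (not from the answer above or from AWS).
Reads one gzipped CloudTrail log file, keeps the Redshift-related events
and flattens the fields needed to attribute an action to a principal.
"""
import gzip
import json
from collections import Counter

# Assumed event sources to watch (verify against the AWS docs).
REDSHIFT_SOURCES = {
    "redshift.amazonaws.com",       # cluster management API
    "sqlworkbench.amazonaws.com",   # Query Editor v2 (assumed namespace)
    "redshift-data.amazonaws.com",  # Redshift Data API
}


def load_records(gz_bytes: bytes) -> list:
    """Decode one CloudTrail log file: gzip-compressed JSON with a Records array."""
    payload = json.loads(gzip.decompress(gz_bytes).decode("utf-8"))
    return payload.get("Records", [])


def redshift_events(records: list) -> list:
    """Keep only events emitted by the Redshift-related services."""
    return [r for r in records if r.get("eventSource") in REDSHIFT_SOURCES]


def summarize(record: dict) -> dict:
    """Flatten the fields an analyst needs: who, what, when, from where, on which cluster."""
    ident = record.get("userIdentity", {})
    # Assumed-role sessions carry the role name under sessionContext.sessionIssuer.
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    params = record.get("requestParameters") or {}
    return {
        "time": record.get("eventTime"),
        "source": record.get("eventSource"),
        "event": record.get("eventName"),
        "principal": ident.get("arn"),
        "user_name": ident.get("userName") or issuer.get("userName"),
        "identity_type": ident.get("type"),
        "source_ip": record.get("sourceIPAddress"),
        "cluster": params.get("clusterIdentifier"),
        "error": record.get("errorCode"),  # present only when the call was denied/failed
    }


def activity_by_principal(records: list) -> Counter:
    """Count Redshift-related events per caller ARN."""
    return Counter(summarize(r)["principal"] for r in redshift_events(records))


# Constructed sample log file: shaped like CloudTrail output, but every value
# (account id, ARNs, IPs, event names) is made up for this example.
SAMPLE_LOG = {
    "Records": [
        {
            "eventVersion": "1.08",
            "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLE",
                             "arn": "arn:aws:iam::111122223333:user/analyst",
                             "accountId": "111122223333", "userName": "analyst"},
            "eventTime": "2024-05-01T10:15:00Z",
            "eventSource": "sqlworkbench.amazonaws.com",
            "eventName": "ExecuteQuery",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "requestParameters": {"clusterIdentifier": "eg-cluster"},
        },
        {
            "eventVersion": "1.08",
            "userIdentity": {"type": "AssumedRole", "principalId": "AROAEXAMPLE:admin",
                             "arn": "arn:aws:sts::111122223333:assumed-role/Admin/admin",
                             "accountId": "111122223333",
                             "sessionContext": {"sessionIssuer": {"userName": "Admin"}}},
            "eventTime": "2024-05-01T10:20:00Z",
            "eventSource": "redshift.amazonaws.com",
            "eventName": "ModifyCluster",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.7",
            "requestParameters": {"clusterIdentifier": "eg-cluster"},
        },
        {
            "eventVersion": "1.08",
            "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/analyst",
                             "accountId": "111122223333", "userName": "analyst"},
            "eventTime": "2024-05-01T10:21:00Z",
            "eventSource": "s3.amazonaws.com",   # unrelated service, filtered out
            "eventName": "ListBuckets",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
        },
    ]
}
SAMPLE_GZ = gzip.compress(json.dumps(SAMPLE_LOG).encode("utf-8"))

if __name__ == "__main__":
    records = load_records(SAMPLE_GZ)
    for event in redshift_events(records):
        print(summarize(event))
    print(activity_by_principal(records))
```

To run this against a real trail, replace `SAMPLE_GZ` with the bytes of a file downloaded from the trail bucket (the objects sit under `AWSLogs/<account-id>/CloudTrail/<region>/...`), and treat the `error` field as a signal in its own right: an `AccessDenied` on a Query Editor v2 or `ModifyCluster` call is often more interesting than the successful calls around it.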
0

Hi All, I am also looking for some guidance on this. The below-mentioned steps in the above response are not valid. It just asks for an S3 bucket. I couldn't find "choose CloudTrail" anywhere on Redshift.

  1. Under the "Cluster Auditing and Logging" section, enable logging.
  2. Choose the CloudTrail trail you created earlier (eg-redshift-trail).

Looking forward to a reply.

answered 18 days ago
