DocDB Logging Is Disabled
- Query id: 56f6a008-1b14-4af4-b9b2-ab7cf7e27641
- Query name: DocDB Logging Is Disabled
- Platform: Terraform
- Severity: Low
- Category: Observability
- URL: Github
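Description
DocDB logging should be enabled: enabled_cloudwatch_logs_exports should be defined on the aws_docdb_cluster resource and include both audit and profiler.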
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Flagged: enabled_cloudwatch_logs_exports is not defined, so no logs are exported.
resource "aws_docdb_cluster" "positive1" {
  cluster_identifier      = "my-docdb-cluster"
  engine                  = "docdb"
  master_username         = "foo"
  master_password         = "mustbeeightchars"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
  skip_final_snapshot     = true
}
Positive test num. 2 - tf file
# Flagged: enabled_cloudwatch_logs_exports is an empty list.
resource "aws_docdb_cluster" "positive2" {
  cluster_identifier              = "my-docdb-cluster"
  engine                          = "docdb"
  master_username                 = "foo"
  master_password                 = "mustbeeightchars"
  backup_retention_period         = 5
  preferred_backup_window         = "07:00-09:00"
  skip_final_snapshot             = true
  enabled_cloudwatch_logs_exports = []
}
Positive test num. 3 - tf file
# Flagged: only profiler is exported; audit is missing.
resource "aws_docdb_cluster" "positive3" {
  cluster_identifier              = "my-docdb-cluster"
  engine                          = "docdb"
  master_username                 = "foo"
  master_password                 = "mustbeeightchars"
  backup_retention_period         = 5
  preferred_backup_window         = "07:00-09:00"
  skip_final_snapshot             = true
  enabled_cloudwatch_logs_exports = ["profiler"]
}
Positive test num. 4 - tf file
# Flagged: only audit is exported; profiler is missing.
resource "aws_docdb_cluster" "positive4" {
  cluster_identifier              = "my-docdb-cluster"
  engine                          = "docdb"
  master_username                 = "foo"
  master_password                 = "mustbeeightchars"
  backup_retention_period         = 5
  preferred_backup_window         = "07:00-09:00"
  skip_final_snapshot             = true
  enabled_cloudwatch_logs_exports = ["audit"]
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# Not flagged: both profiler and audit are exported.
resource "aws_docdb_cluster" "negative1" {
  cluster_identifier              = "my-docdb-cluster"
  engine                          = "docdb"
  master_username                 = "foo"
  master_password                 = "mustbeeightchars"
  backup_retention_period         = 5
  preferred_backup_window         = "07:00-09:00"
  skip_final_snapshot             = true
  enabled_cloudwatch_logs_exports = ["profiler", "audit"]
}
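The same rule can be applied to a rendered plan rather than to .tf source, which also catches clusters declared inside modules. The following is an added example, not the query's own implementation: it assumes the JSON produced by `terraform show -json`, and the function names and the sample plan (including the `module.db` address) are constructed for illustration.

```python
import json

REQUIRED_LOG_TYPES = {"audit", "profiler"}  # both are present in the passing sample

# Constructed sample: a trimmed plan carrying only the fields the check reads,
# loosely mirroring the five resources shown on this page.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_docdb_cluster.positive1", "type": "aws_docdb_cluster",
         "values": {"enabled_cloudwatch_logs_exports": None}},
        {"address": "aws_docdb_cluster.positive2", "type": "aws_docdb_cluster",
         "values": {"enabled_cloudwatch_logs_exports": []}},
        {"address": "aws_docdb_cluster.positive3", "type": "aws_docdb_cluster",
         "values": {"enabled_cloudwatch_logs_exports": ["profiler"]}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.db.aws_docdb_cluster.positive4", "type": "aws_docdb_cluster",
         "values": {"enabled_cloudwatch_logs_exports": ["audit"]}},
        {"address": "module.db.aws_docdb_cluster.negative1", "type": "aws_docdb_cluster",
         "values": {"enabled_cloudwatch_logs_exports": ["profiler", "audit"]}},
    ]}],
}}})


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def docdb_logging_findings(plan_json):
    """Map each non-compliant aws_docdb_cluster address to its missing log types."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = {}
    for res in iter_resources(root):
        if res.get("type") != "aws_docdb_cluster":
            continue
        exports = res.get("values", {}).get("enabled_cloudwatch_logs_exports")
        missing = REQUIRED_LOG_TYPES - set(exports or [])  # unset/null counts as empty
        if missing:
            findings[res["address"]] = sorted(missing)
    return findings


if __name__ == "__main__":
    for address, missing in docdb_logging_findings(SAMPLE_PLAN).items():
        print(f"{address}: missing log exports {missing}")
```

Exporting a log type only ships what the cluster produces, so the cluster parameter group also needs the audit_logs and profiler parameters enabled for these exports to carry data.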