DataSunrise Achieves AWS DevOps Competency Status in AWS DevSecOps and Monitoring, Logging, Performance

This website stores cookies to collect information about how you interact with our website. To find out more visit our Privacy Policy.

Amazon Aurora PostgreSQL Database Activity History

Amazon Aurora PostgreSQL Database Activity History

Database security and auditing are crucial for safeguarding sensitive information and meeting compliance standards such as GDPR, HIPAA, and PCI DSS. Amazon Aurora PostgreSQL offers a comprehensive suite of native database activity history features designed to provide visibility into database activities while maintaining high performance. Below, we explore these features and their practical applications in detail.

Introduction to Database Security

Database security and compliance are critical in today’s data-driven landscape. Organizations must ensure they meet regulatory requirements while maintaining the integrity and confidentiality of their data. Amazon Aurora PostgreSQL provides both native and third-party tools to help achieve these goals.

Native Database Activity History in Aurora PostgreSQL

Database Activity Streams (DAS)

Benefits of DAS


  • Immutable Logs: Provides tamper-proof logs for compliance.
  • Integration Options: Works seamlessly with AWS tools such as CloudWatch and S3.
  • Scalable Performance: Suitable for environments of all sizes.

Configuring DAS


  1. Synchronous Mode: Ensures all events are captured.
  2. Asynchronous Mode: Optimized for performance in high-traffic applications.

Example Query for DAS

Capture modification events:

SELECT event_time, user_name, database_name, query
FROM pg_database_activity_stream
WHERE event_type IN ('INSERT', 'UPDATE', 'DELETE');

pgAudit Extension

Key Capabilities


  • Customizable monitoring for specific actions.
  • Granular auditing at session, role, and object levels.

Configuration and Usage


  1. Enable policies for sensitive data:
    2. ALTER TABLE sensitive_data ENABLE ROW LEVEL SECURITY;
CREATE POLICY read_policy ON sensitive_data
FOR SELECT TO auditor_role USING (true);
  2. Query audit logs:
SELECT log_time, statement, user_name
FROM pg_catalog.pg_audit_log
WHERE statement LIKE 'SELECT%';

Best Practices for Native Tools

  1. Optimize Logging Levels: Prevent log overload by adjusting configurations like log_statement.
  2. Enable Encryption: Use AWS KMS to secure logs.
  3. Set Alerts: Automate notifications using AWS Lambda for anomalies.
  4. Retain Logs Efficiently: Utilize S3 for cost-effective long-term storage.

Combining Native and Third-Party Tools

  • Integrate DAS and pgAudit with tools like DataSunrise for enhanced functionality.
  • Enable cross-region logging for global compliance.

Enhanced Security with DataSunrise

Overview of DataSunrise Features

  • Real-time monitoring and auditing.
  • Detailed reporting for compliance.
  • Masking sensitive data.
  • Sensitive data discovery.
  • ML and AI tools for enhanced detection mechanisms.

DataSunrise offers five deployment modes to adjust security levels and minimize interference with existing infrastructure, including a mode for web application security.

Configuring DataSunrise

Prerequisites


  1. Install and configure DataSunrise on a server with network access to Aurora PostgreSQL.
  2. Verify Aurora PostgreSQL instance parameters support auditing and monitoring.

Dashboard Access


  1. Open the DataSunrise web interface in a browser.
  2. Log in with administrator credentials.

Adding an Aurora PostgreSQL Database


  1. Navigate to the “Databases” section in the dashboard.
  2. Click “Add New Database” and fill in the following details:
    • Database Type: Select PostgreSQL.
    • Host and Port: Enter the Aurora PostgreSQL endpoint and port.
    • Credentials: Provide the database username and password.
    • Connection Test: Run a test to confirm connectivity.
  3. Save the configuration.

Defining Audit Rules


  1. Go to the “Audit Rules” section.
  2. Create rules specifying:
    • Target objects (e.g., sensitive tables or schemas).
    • Actions to monitor (e.g., SELECT, INSERT, UPDATE).
    • Users or roles to track.
    • Alerts for unauthorized or suspicious actions.
  3. Apply the rules to the database.

Advanced Monitoring Configuration


  1. Enable data masking policies for sensitive fields such as SSNs or credit card numbers.
  2. Configure real-time alerts and notifications for anomalous activities.

Audit Log Analysis


  1. Access the “Audit Logs” tab in the dashboard.
  2. Use filtering options to refine results based on time, user, or activity type.
  3. Export logs to formats like CSV or integrate with AWS S3 for long-term storage.

Benefits of Using DataSunrise

  • Centralized Control: Manage all audit policies from a single interface.
  • Customization: Tailor rules to meet organizational needs.
  • Compliance: Generate detailed, audit-ready reports.
  • Security Enhancements: Real-time threat detection and sensitive data masking.
  • Scalability: Supports complex environments with multiple databases.

Conclusion

Amazon Aurora PostgreSQL offers robust native tools like DAS and pgAudit to ensure comprehensive database activity auditing. For organizations requiring advanced features, DataSunrise extends these capabilities with enhanced monitoring, data masking, and compliance reporting. Together, these tools provide a holistic solution for database security and compliance, ensuring sensitive data remains protected and regulatory requirements are consistently met.Explore DataSunrise’s offerings to elevate your database security strategy. Visit our website for an online demonstration and learn how to achieve centralized control over your database audit rules.

Next

Amazon Aurora MySQL Audit Trail

Learn More

Need Our Support Team Help?

Our experts will be glad to answer your questions.

General information:
[email protected]
Sales:
[email protected]
Customer Service and Technical Support:
support.datasunrise.com
Partnership and Alliance Inquiries:
[email protected]