Why are audit logs significant in Amazon Redshift?
Amazon Redshift is used as a data warehouse or a data lake solution with Redshift Spectrum.
The following are the essential system tables (STLs) used for logging in Redshift (note that if you need to log queries, there is an extra step before those are logged; see below):
When you have not enabled native logs, you need to investigate past events that you’re hoping are still retained (the “ouch” option).
Note that it takes time for logs to get from your system tables to your S3 buckets, so new events will only be available in your system tables (see the below section for that).
For debugging and investigating ongoing or “fresh” incidents.
For dashboarding and monitoring purposes.
The retention period for such logs is under a week, so do not expect to use these in the long term. Using the built-in system tables, you can investigate events quickly using SQL from within the database itself. Let’s explore what native logging into system tables gives you and what the addition of logging to S3 buckets gives. The logs are natively kept in system tables, and in addition, for long-term storage, you can enable audit logging to S3 buckets. There are two levels of auditing in Redshift. This means that those organizations also want to understand what’s happening in their data analysis environments, both in terms of security and in terms of operational efficiency. With the growing popularity of data democratization, and data analytics in general, organizations allow data access to more users and teams.
Why are audit logs especially important in Amazon Redshift?
Amazon Redshift is used as a data warehouse or as part of a data lake solution with Redshift Spectrum.
A query log, detailing the history of successful and failed queries made on the database. As a certain database session contains one successful login event, but may contain a large number of queries sent to the database, and the amount of information may also be substantially larger (a query can be anything from a SELECT 1 heartbeat to a hundred lines of code).
An access log, detailing the history of successful and failed logins to the database.
In addition to their security and operational usefulness, audit logs are also an important part of meeting compliance requirements.
Database audit logs are separated into two parts:
The more relevant information and context you have about the events logged, the better.
The audit log is then both kept for investigations into events and analyzed continuously to find incidents that you want to know about, to reduce the risk of data loss (such as compliance breaks, over-privileged users, and other security risks).
In there, you can also download the entire guide as a PDF e-book.
An audit log consists of logging certain operations to a log. If you'd like to view the entire guide of AWS Redshift Security topics, visit our Amazon Redshift Security guide.