Automated auditing
Implementing security auditing has become increasingly important because of compliance requirements and security threats. Many users prefer to continue the auditing activities they perform with Oracle on Exadata. AWS provides two auditing options for your databases: basic Amazon RDS auditing and database activity streams.
Basic Amazon RDS auditing
Amazon RDS for Oracle provides the following auditing features:
- log and listener.log files. You can push these critical log files automatically to Amazon CloudWatch for longer retention and analysis.
- Standard auditing. You can use this native Oracle feature to audit SQL statements, privileges, schemas, objects, network, and multi-tier activity. Oracle recommends using standard auditing on versions before Oracle Database 12c release 1 (12.1). Standard auditing can be difficult to manage because of multiple audit trails that have different parameters to control auditing behavior and the lack of granular auditing options.
- Unified auditing. Oracle Database 12.1 and later versions offer unified auditing. This feature provides audit data in a single location and in a single format. Amazon RDS for Oracle supports mixed-mode auditing, which is enabled by default to support both standard auditing and unified auditing.
Database activity streams
Database activity streams provide a real-time data stream of all database activity. This feature helps companies monitor, audit, and protect databases from unauthorized access and meet compliance and regulatory requirements. It reduces the work required to satisfy compliance goals and facilitates migration to managed database services on AWS. Database activity streams provide real-time data that's integrated into the existing monitoring and alert infrastructure, so you can use your existing processes, tools, and reports. Here is a typical use case:
- Grant access to partner applications for Amazon Kinesis Data Streams and AWS Key Management Service (AWS KMS) to monitor database activity.
- Connect Amazon Kinesis Data Streams to Amazon Data Firehose to save activities to Amazon S3 for long-term retention.
- Connect to AWS Lambda to analyze or monitor database activities.
Note
The database activity streams feature is available in Amazon RDS and Amazon Aurora. It supports both heterogeneous and homogeneous database migration scenarios.
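As an added example (not from this guide or from AWS), the Lambda step of the use case above: a consumer that reads activity records from a Kinesis trigger event, skips heartbeat events, and flags schema and privilege changes as well as sessions from client hosts outside an allow list. It assumes the activity events have already been decrypted (the stream payload is encrypted with a KMS data key that a real consumer must unwrap first), and the field names `class`, `command`, `commandText`, `dbUserName` and `remoteHost`, the allow list, and all sample values are constructed for this example.

```python
import base64
import json

WATCHED_CLASSES = {"DDL", "DCL"}   # schema and privilege changes
ALLOWED_HOSTS = {"10.0.1.25"}      # hypothetical application-tier address

# Constructed sample of one decrypted activity stream record; the field names
# are assumed from the RDS activity stream layout and every value is made up.
SAMPLE_RECORD = json.dumps({"type": "DatabaseActivityMonitoringRecord", "instanceId": "db-EXAMPLE",
    "databaseActivityEventList": [
        {"type": "heartbeat"},
        {"type": "record", "class": "DDL", "command": "CREATE", "dbUserName": "HR",
         "commandText": "CREATE TABLE hr.bonus (id NUMBER)", "remoteHost": "10.0.1.25"},
        {"type": "record", "class": "DCL", "command": "GRANT", "dbUserName": "ADMIN",
         "commandText": "GRANT DBA TO appuser", "remoteHost": "10.0.1.25"},
        {"type": "record", "class": "DML", "command": "SELECT", "dbUserName": "APPUSER",
         "commandText": "SELECT * FROM hr.employees", "remoteHost": "10.0.1.25"},
        {"type": "record", "class": "DML", "command": "SELECT", "dbUserName": "APPUSER",
         "commandText": "SELECT * FROM hr.salaries", "remoteHost": "203.0.113.9"},
    ]})

def find_findings(record_json, allowed_hosts=ALLOWED_HOSTS):
    """Return the events in one record that deserve an alert, with the reasons."""
    findings = []
    for ev in json.loads(record_json).get("databaseActivityEventList", []):
        if ev.get("type") != "record":   # heartbeat events carry no activity
            continue
        reasons = []
        if ev.get("class") in WATCHED_CLASSES:
            reasons.append(f"{ev['class']} statement")
        if ev.get("remoteHost") and ev["remoteHost"] not in allowed_hosts:
            reasons.append(f"client host {ev['remoteHost']} not in allow list")
        if reasons:
            findings.append({"user": ev.get("dbUserName"), "command": ev.get("command"),
                             "text": ev.get("commandText"), "reasons": reasons})
    return findings

def lambda_handler(event, context=None):
    """Kinesis trigger entry point. Assumes record data is already-decrypted JSON;
    a real consumer must first unwrap the KMS data key and decrypt the payload."""
    findings = []
    for rec in event["Records"]:
        findings.extend(find_findings(base64.b64decode(rec["kinesis"]["data"]).decode()))
    return findings

def make_kinesis_event(record_json):
    """Build a constructed Kinesis trigger event wrapping one plaintext record."""
    data = base64.b64encode(record_json.encode()).decode("ascii")
    return {"Records": [{"kinesis": {"data": data}}]}
```

The findings list is what you would forward to CloudWatch Logs or an alerting topic; widening the allow list or the watched classes is a one-line change.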