Simplifying Log Analysis: Streaming RDS Audit Logs to Redshift Using AWS Kinesis Data Firehose

  • Dima Hamed
  • December 27, 2023
  • 3:59 pm

Introduction

Effectively managing and analysing log data is essential for maintaining a secure and optimized infrastructure. In this article, we will provide a detailed guide on configuring the streaming of RDS audit logs to Amazon Redshift using the Amazon Kinesis Data Firehose. This integration empowers organisations to centralise and analyse their RDS audit logs, enabling proactive monitoring, compliance adherence, and security threat detection. We will explore the benefits and provide step-by-step instructions to configure this powerful log analysis solution.

Useful Cases & Benefits

Enhanced Security and Compliance: Streaming RDS audit logs to Redshift allows organisations to monitor and audit database activities, helping detect unauthorised access attempts and identify security vulnerabilities. It empowers businesses to strengthen their security posture and maintain a robust audit trail.

Enabling In-depth Analysis and Troubleshooting: By centralising RDS audit logs in Redshift, organisations gain the capability to conduct comprehensive analysis and efficiently troubleshoot issues. This centralised approach enables quicker identification and resolution of performance bottlenecks, database errors, and abnormal activities, leading to improved application availability and enhanced customer satisfaction.

Prerequisites

  • An active AWS account
  • An existing Amazon Redshift cluster
  • An RDS instance with audit logging enabled
  • Familiarity with the AWS Management Console and basic SQL queries

Solution Configuration

1· Set Up an Amazon Redshift cluster.

  • Create an Amazon Redshift cluster or use an existing one to store and analyse the RDS audit logs.
  • Ensure the Redshift cluster has the necessary permissions to interact with other AWS services.

2· Create an Amazon Kinesis Data Firehose Delivery Stream.

  • Go to the Amazon Kinesis Data Firehose console and click “Create delivery stream.”
  • Provide a name for the delivery stream and select Redshift as the destination.
  • Choose your Amazon Redshift cluster and configure settings such as database credentials and connection details.

3· Configure Data Transformation

  • Select the newly created Kinesis Data Firehose delivery stream in the console.
  • Under “Data transformation,” configure transformations to prepare the log data for Redshift ingestion.
  • Define the necessary mappings, schemas, tables, and columns to ensure accurate data loading into Redshift.

4· Set Up RDS Integration with Kinesis Data Firehose

  • In the Kinesis Data Firehose console, choose the delivery stream.
  • Under “Source,” create an IAM role that grants Kinesis Data Firehose permissions to access RDS audit logs.
  • Configure the RDS integration by selecting the desired RDS instance and enabling audit log streaming.

5· Enable Audit Log Streaming for RDS

  • In the AWS Management Console, go to the RDS console.
  • Select your RDS instance and navigate to the “Logs & Events” section.
  • Enable audit log streaming by selecting “Send to CloudWatch Logs.”

6· Create a CloudWatch Logs Subscription Filter

  • In the CloudWatch console, locate the log group associated with your RDS instance’s audit logs.
  • Create a subscription filter for the log group to stream the logs to the Kinesis Data Firehose.
  • Configure the subscription filter to forward logs to the Kinesis Data Firehose delivery stream created in Step 2.

7· Analyse the Log Data in Redshift.

  • Once the setup is complete, RDS audit logs will be streamed to the Kinesis Data Firehose delivery stream, transformed, and loaded into Redshift.
  • Connect to your Redshift cluster using your preferred SQL client or the Redshift console.
  • Create tables corresponding to the log data and use SQL queries to analyse and gain insights from the logs.
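
The transformation in Step 3 has to unpack what the subscription filter in Step 6 delivers: each Firehose record is a base64-encoded, gzip-compressed CloudWatch Logs envelope holding several log events. The sketch below is an added example, not code from the original article; it assumes a Lambda-based transformation and the ten-field MariaDB Audit Plugin line layout (timestamp, serverhost, username, host, connectionid, queryid, operation, database, object, retcode), and the JSON key names and sample events are constructed for illustration.

```python
import base64, gzip, json, zlib

# Assumed ten-field audit layout; the JSON key names are hypothetical column names.
FIELDS = ("event_time", "server_host", "username", "client_host",
          "connection_id", "query_id", "operation", "db_name")

def parse_audit_line(line):
    """Parse one audit line; the quoted query text may itself contain commas."""
    parts = line.split(",", len(FIELDS))      # 8 leading fields + unsplit remainder
    if len(parts) != len(FIELDS) + 1 or "," not in parts[-1]:
        return None
    obj, retcode = parts[-1].rsplit(",", 1)   # retcode is always the last field
    if not retcode.strip().isdigit():
        return None
    obj = obj[1:-1] if len(obj) >= 2 and obj[0] == obj[-1] == "'" else obj
    return {**dict(zip(FIELDS, parts)), "object": obj, "retcode": int(retcode)}

def lambda_handler(event, context=None):
    """Firehose transformation: one gzip CloudWatch envelope in, JSON lines out."""
    results = []
    for rec in event["records"]:
        rid = rec["recordId"]
        try:
            envelope = json.loads(gzip.decompress(base64.b64decode(rec["data"])))
        except (OSError, EOFError, ValueError, zlib.error):
            results.append({"recordId": rid, "result": "ProcessingFailed"})
            continue
        rows = []
        if envelope.get("messageType") == "DATA_MESSAGE":   # skip CONTROL_MESSAGE probes
            rows = [parse_audit_line(e["message"]) for e in envelope["logEvents"]]
        lines = "".join(json.dumps(r) + "\n" for r in rows if r)
        if not lines:
            results.append({"recordId": rid, "result": "Dropped"})
            continue
        results.append({"recordId": rid, "result": "Ok", "data": base64.b64encode(lines.encode()).decode()})
    return {"records": results}

def wrap(record_id, envelope):
    """Build a constructed Firehose record the way CloudWatch Logs delivers it."""
    raw = gzip.compress(json.dumps(envelope).encode())
    return {"recordId": record_id, "data": base64.b64encode(raw).decode()}

# Constructed sample input (not real log data).
SAMPLE = {"records": [
    wrap("r1", {"messageType": "DATA_MESSAGE", "logEvents": [
        {"message": "20231227 15:59:00,db-host,app_user,10.0.1.25,42,1087,QUERY,sales,'SELECT id, total FROM orders',0"},
        {"message": "20231227 16:01:12,db-host,root,203.0.113.9,43,0,FAILED_CONNECT,,,1045"}]}),
    wrap("r2", {"messageType": "CONTROL_MESSAGE", "logEvents": []}),
]}
```

Keeping `FAILED_CONNECT` rows and the numeric `retcode` as their own fields is what makes the failed-login and unauthorised-access queries described under Useful Cases & Benefits straightforward once the data is in Redshift.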

Conclusion

By implementing this solution, organisations can seamlessly configure the streaming of RDS audit logs to Amazon Redshift using the Amazon Kinesis Data Firehose. This integration provides a centralised and efficient solution for log analysis, empowering businesses to proactively monitor database activities, strengthen security, maintain compliance, and troubleshoot issues effectively. Leveraging the power of Kinesis and Redshift, organisations can gain valuable insights from their RDS audit logs, optimise performance, and ensure the integrity of their databases. Regularly monitoring and analysing log data will enable organizations to identify and address potential vulnerabilities, ensuring the security and availability of their critical data.

Dima Hamed

With over 7 years of experience, Dima Hamed is a data engineer and database administrator with a proven track record of excellence. Holding certifications as a data engineer from AWS, Google, and Azure, Dima is an expert in designing cloud-based data solutions and possesses excellent knowledge in data cleansing, validation, and structuring, as well as designing and maintaining ETL processes, data systems, and administering databases. She excels at interpreting data, analyzing results, and visualizing information to present business insights.

© 2024 BESPIN GLOBAL "an e& enterprise company"
