sul-dlss-deprecated / rialto

RIALTO - Stanford Libraries' Research Intelligence System
https://library.stanford.edu/projects/rialto

Terraform: Turn on Neptune audit logs #243

Closed tingulfsen closed 6 years ago

tingulfsen commented 6 years ago

Our current Terraform code does not turn on AWS audit logs:

https://docs.aws.amazon.com/neptune/latest/userguide/auditing.html

Audit logging can be turned on by adding a parameter group to the Neptune cluster, then setting the neptune_enable_audit_log parameter to 1 (On).

Notes:

  1. The parameter group must be associated with the cluster, not the instance, in order to enable audit logging.
  2. I've manually (via the AWS Console, not Terraform) turned on audit logs.
  3. The default parameter group associated with both clusters and instances is not modifiable. You must create a new parameter group, then go to the cluster/instance in order to do the update.
  4. In order for the update to take effect it seems that you have to reboot the Neptune instance.
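The configuration the notes above describe, as an added example and not code from the rialto repository: a dedicated cluster parameter group with `neptune_enable_audit_log` set to 1, attached to the cluster rather than the instance, plus export of the audit log to CloudWatch Logs so it can actually be retained and reviewed. Resource names, the cluster identifier and the instance class are assumptions.

```hcl
# Added example, not the project's Terraform. Names and sizes are assumed.
# Note 1 from the issue: the parameter must live in a *cluster* parameter
# group; an instance parameter group cannot enable audit logging.
resource "aws_neptune_cluster_parameter_group" "audit" {
  name        = "rialto-neptune-audit"   # assumed name
  family      = "neptune1"               # must match the cluster's engine family
  description = "Neptune cluster parameters with audit logging enabled"

  parameter {
    name  = "neptune_enable_audit_log"
    value = "1"                          # 1 = On, 0 = Off
    # Note 4 from the issue: the change only takes effect after the
    # instance reboots, so make that explicit in the plan.
    apply_method = "pending-reboot"
  }
}

resource "aws_neptune_cluster" "rialto" {
  cluster_identifier                   = "rialto-neptune"   # assumed
  engine                               = "neptune"
  neptune_cluster_parameter_group_name = aws_neptune_cluster_parameter_group.audit.name

  # Turning the log on only writes it inside the cluster; exporting it to
  # CloudWatch Logs is what makes it searchable and subject to retention.
  enable_cloudwatch_logs_exports = ["audit"]

  apply_immediately = true
}

resource "aws_neptune_cluster_instance" "rialto" {
  count              = 1
  cluster_identifier = aws_neptune_cluster.rialto.id
  instance_class     = "db.r5.large"   # assumed
  apply_immediately  = true
}
```

After `terraform apply`, the parameter shows as pending until the instance is rebooted; the audit log group then appears in CloudWatch Logs under the cluster's name.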

peetucket commented 6 years ago

Not using Terraform to deploy Neptune, since it auto-deploys into its own VPC.

Will enable audit logs on all pieces of infrastructure later